piodor, posted 30 June 2008 (edited)
I don't know if I'm posting this in the right place... If not, please move it... I have a problem: I installed some junk recently and it's slowing my computer down... Everything would be OK if it weren't for the fact that it won't uninstall, and on top of that it has blocked my access to Task Manager... Here are a few screenshots to illustrate the problem better...
1: http://www.fotosik.pl/pokaz_obrazek/049ffe207358f483.html
2: http://www.fotosik.pl/pokaz_obrazek/7f0856d9940515dc.html
3: http://www.fotosik.pl/pokaz_obrazek/58a326e422e4787d.html
4: http://www.fotosik.pl/pokaz_obrazek/9bc5be0656d191f8.html
5: http://www.fotosik.pl/pokaz_obrazek/bd80d38e39dfe337.html
6: http://www.fotosik.pl/pokaz_obrazek/bd5bd26283abc93b.html
Please help quickly... thanks in advance
// true, wrong section
// moving -> Security
Jaskol, comment, 30 June 2008
Post logs from HijackThis and ComboFix, and scan the computer: http://www.kaspersky.pl/virusscanner.html
rcwawa, comment, 30 June 2008
I once had something similar. To uninstall it, use Revo Uninstaller and have it uninstall in that advanced mode or whatever it's called; in any case it's the one at the very bottom. And also send the logs.
piodor (author), comment, 30 June 2008
The thing is, there isn't really anything to uninstall, because it isn't even in the Program Files directory, neither on C nor on any other partition... Revo doesn't find it... I still get an "exclamation mark in a triangle" popping up in the tray; when I hover over it and click, it disappears, and when I change the wallpaper it soon goes back to the one I showed in the screenshots... pls help
rcwawa, comment, 30 June 2008
You have to post those logs from HijackThis and ComboFix.
piodor (author), comment, 30 June 2008
HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:37, on 2008-06-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\cGlvZG9y\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\dorsz\winlogon.exe
C:\Documents and Settings\dorsz\lsass.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\jswnw64o.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\scnttkdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [GammaAdjuster] C:\DOCUME~1\dorsz\USTAWI~1\Temp\Rar$EX00.713\GammaAdjuster\GammaAdjuster.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{E9-95-59-99-DW}] C:\WINDOWS\system32\jswnw64o.exe DWrvgFF
O4 - HKLM\..\Run: [0c7e9536] rundll32.exe "C:\WINDOWS\system32\snnqdrcl.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWrvgFF
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64o.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\dorsz\USTAWI~1\Temp\hpdj.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 7871 bytes

SDFix LOG:

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 19:07:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016930007ce]
"00188d400e69"=hex:48,e3,be,3a,46,15,a3,e5,74,1a,e2,ea,34,05,74,76
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016930007ce]
"00188d400e69"=hex:48,e3,be,3a,46,15,a3,e5,74,1a,e2,ea,34,05,74,76
scanning hidden registry entries ...
scanning hidden files ...
And one more, from ComboFix:
snip91, comment, 30 June 2008
C:\WINDOWS\[b]cGlvZG9y[/b]\command.exe
C:\Program Files\[b]Network Monitor[/b]\netmon.exe
Folders in bold are to be deleted.

C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\dorsz\winlogon.exe
C:\Documents and Settings\dorsz\lsass.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\jswnw64o.exe
C:\WINDOWS\system32\scnttkdm.exe
Files to be deleted.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{E9-95-59-99-DW}] C:\WINDOWS\system32\jswnw64o.exe DWrvgFF
O4 - HKLM\..\Run: [0c7e9536] rundll32.exe "C:\WINDOWS\system32\snnqdrcl.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWrvgFF
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64o.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
FIX

Man, have you got viruses... The ComboFix and Silent Runners log is cut off, post it in full.
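The by-eye triage in the post above can be partly automated. The following Python sketch is an added example, not part of the thread or of HijackThis: it flags log lines where a core Windows process name runs from the wrong directory, where the UserInit value carries an extra program, or where a service has an unknown owner. The rule names and the assumption that Windows lives in C:\WINDOWS (as in the posted log) are choices made for this example.

```python
import ntpath
import re

# Core Windows XP processes and the only directory each legitimately runs from.
# Assumes the Windows directory is C:\WINDOWS, as in the log posted in the thread.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# First drive-rooted path ending in .exe or .dll; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
USERINIT_PREFIX = "F2 - REG:system.ini: UserInit="
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"


def first_path(text):
    """Return the first drive-rooted .exe/.dll path in a log line, or None."""
    match = PATH_RE.search(text)
    return match.group(0) if match else None


def check_line(line):
    """Return a list of (rule, detail) findings for one HijackThis line."""
    findings = []
    line = line.strip()

    # Rule 1: UserInit should list userinit.exe only; anything else also
    # starts at every logon.
    if line.startswith(USERINIT_PREFIX):
        for entry in line[len(USERINIT_PREFIX):].split(","):
            entry = entry.strip()
            if entry and entry.lower() != STOCK_USERINIT:
                findings.append(("userinit-extra", entry))
        return findings

    path = first_path(line)
    if path is None:
        return findings

    # Rule 2: a system process name outside its home directory (masquerading).
    expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
    if expected and ntpath.dirname(path).lower() != expected:
        findings.append(("masquerade", path))

    # Rule 3: a service binary without vendor information. This is a lead to
    # verify by hand, not a verdict; unsigned legitimate services exist.
    if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
        findings.append(("service-unknown-owner", path))
    return findings


def triage(log_text):
    """Run every rule over a whole log and collect findings in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(check_line(line))
    return findings


# Excerpt of the HijackThis log posted in this thread, including benign lines.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:22} {detail}")
```

Randomly named entries such as jswnw64o.exe or scnttkdm.exe pass these three rules untouched, so the output is a starting list for manual review rather than a replacement for it.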
piodor (author), comment, 30 June 2008
In full:

What's the deal with that fix you wrote?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{E9-95-59-99-DW}] C:\WINDOWS\system32\jswnw64o.exe DWrvgFF
O4 - HKLM\..\Run: [0c7e9536] rundll32.exe "C:\WINDOWS\system32\snnqdrcl.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWrvgFF
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64o.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

BTW, nothing has changed, that junk still pops up... I forgot to write that every so often the desktop shuts off, as if something were ending the explorer.exe process. Come on, pls help....
On the desktop I have a blue wallpaper with yellow text: Warning: Spyware threat has been detected on your PC.
Below that is white text: Your computer has several fatal errors due to spyware activity..
Below that: It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats...
Below that is a link: CLICK HERE TO SCAN YOUR PC FOR SPYWARE
Jaskol, comment, 30 June 2008
Run "Do a system scan only" and, when it finishes, tick the entries that sniper gave and hit Fix Checked.
rcwawa, comment, 30 June 2008
To make that wallpaper go away: right-click > Properties > Desktop > Customize Desktop, then the "Web" tab, and uncheck everything that's there.
piodor (author), comment, 30 June 2008
OK, thanks for your help... I ran ComboFix over the system once more and it's fine, here is the log:
2004-08-04 00:44 7,168 --a------ C:\WINDOWS\system32\hccoin.dll2008-06-05 15:45 . 2004-08-04 00:44 7,168 --a--c--- C:\WINDOWS\system32\dllcache\hccoin.dll2008-06-05 15:41 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys2008-06-05 15:41 . 2004-08-03 23:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys2008-05-27 15:32 . 2008-05-27 15:32 372,224 --a------ C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll2008-05-25 21:02 . 2008-05-25 21:02 <DIR> d-------- C:\Program Files\HLTooLz2008-05-24 23:02 . 2008-05-24 23:15 <DIR> d-------- C:\Documents and Settings\dorsz\Dane aplikacji\Dev-Cpp2008-05-24 23:01 . 2008-05-24 23:01 <DIR> d-------- C:\Dev-Cpp2008-05-22 14:30 . 2008-05-22 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Prism2008-05-22 14:29 . 2004-09-10 18:59 381,088 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys2008-05-22 14:28 . 2008-05-22 14:28 <DIR> d-------- C:\Program Files\SMC2008-05-22 14:28 . 2008-05-22 14:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys2008-05-14 19:40 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys2008-05-14 19:40 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys2008-05-14 19:39 . 2008-05-14 19:39 <DIR> d-------- C:\Program Files\Huawei technologies2008-05-14 19:39 . 2007-04-20 10:40 100,992 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys2008-05-14 19:39 . 2007-04-20 10:40 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys2008-05-02 21:43 . 2008-06-30 13:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn2008-05-02 21:43 . 2008-05-02 21:43 1,409 --a------ C:\WINDOWS\QTFont.for2008-05-02 21:41 . 2008-05-02 21:42 <DIR> d-------- C:\Program Files\QuickTime2008-05-02 21:41 . 
2008-05-02 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-30 19:41 49,215 ----a-w C:\WINDOWS\system32\rwwnw64d.exe2008-06-22 11:38 --------- d-----w C:\Program Files\Common Files\Adobe2008-06-22 11:20 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-05-25 19:02 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE2008-05-25 19:02 249,856 ------w C:\WINDOWS\Setup1.exe2008-05-19 17:09 --------- d-----w C:\Documents and Settings\dorsz\Dane aplikacji\gtk-2.02008-05-14 17:39 --------- d-----w C:\Program Files\Common Files\InstallShield2008-04-28 13:18 --------- d-----w C:\Program Files\NAPI-PROJEKT2008-03-23 20:20 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe2008-03-02 17:12 8,464 ----a-w C:\WINDOWS\system32\sporder.dll1995-05-26 09:57 81,968 ----a-w C:\Documents and Settings\dorsz\FTP.EXE1995-05-26 09:57 69,465 ----a-w C:\Documents and Settings\dorsz\NETSTAT.EXE1995-05-26 09:57 63,904 ----a-w C:\Documents and Settings\dorsz\TCP32UI.DLL1995-05-26 09:57 60,551 ----a-w C:\Documents and Settings\dorsz\ARP.EXE1995-05-26 09:57 6,960 ----a-w C:\Documents and Settings\dorsz\WSASRV.EXE1995-05-26 09:57 58,307 ----a-w C:\Documents and Settings\dorsz\PING.EXE1995-05-26 09:57 57,703 ----a-w C:\Documents and Settings\dorsz\ROUTE.EXE1995-05-26 09:57 57,216 ----a-w C:\Documents and Settings\dorsz\TELNET.EXE1995-05-26 09:57 55,277 ----a-w C:\Documents and Settings\dorsz\TRACERT.EXE1995-05-26 09:57 42,195 ----a-w C:\Documents and Settings\dorsz\IPCONFIG.EXE1995-05-26 09:57 41,440 ----a-w C:\Documents and Settings\dorsz\WINSOCK.DLL1995-05-26 09:57 33,227 ----a-w C:\Documents and Settings\dorsz\NBTSTAT.EXE2008-01-02 22:02 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat2008-01-02 22:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia 
lokalne\Historia\History.IE5\index.dat2008-01-02 22:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008010220080103\index.dat2008-01-02 22:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat.((((((((((((((((((((((((((((( snapshot@2008-06-30_19.40.04.09 ))))))))))))))))))))))))))))))))))))))))).- 2008-06-30 17:34:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-06-30 19:40:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-06-30 18:39:09 63,918 ----a-w C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll-uninst.exe+ 2008-05-27 13:32:06 372,224 ----a-w C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}]2008-06-30 12:01 34304 --a------ C:\WINDOWS\system32\khfGaaXo.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c47f6302-5d40-e605-04a2-da7bb507aefe}]2008-05-27 15:32 372224 --a------ C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]"ares"="C:\Program Files\Ares\Ares.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Windows Logon Applicationedc"="C:\Documents and Settings\dorsz\winlogon.exe" [2008-06-27 18:38 53248]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" 
[]"NvCplDaemon"="NvQTwk,NvCplDaemon initialize" []"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g" [ ]"WheelMouse"="C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe" [2006-09-29 11:00 163840]"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-06-10 17:15 705024]"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]"{E9-95-59-99-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]"{61a6fc92-a899-52df-0ac5-28c1973ff053}"="C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll" [2008-05-27 15:32 372224]"0c7e9536"="C:\WINDOWS\system32\afesggdp.dll" [2008-06-30 20:43 86528][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="regsvr32" [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoExpandedNewMenu"= 1 (0x1)[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{68950839-2675-49E2-B6A5-442E0B0D1BA4}"= C:\WINDOWS\system32\khfGaaXo.dll [2008-06-30 12:01 34304][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGaaXo]khfGaaXo.dll 2008-06-30 12:01 34304 C:\WINDOWS\system32\khfGaaXo.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=NVDESK32.DLL[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"= ctwdm32.dll"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Mechanic]C:\Program Files\Network Mechanic\netmch.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 
(0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Steam\\steamapps\\dorszu6\\counter-strike\\hl.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"=R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2004-09-10 18:59]S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad50-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad52-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe.Contents of the 'Scheduled Tasks' folder"2008-06-17 14:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-06-30 21:41:47Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\WINDOWS\system32\khfGaaXo.dll-> C:\Documents and Settings\dorsz\winlogon.exe-> C:\WINDOWS\system32\afesggdp.dll-> C:\Program Files\Ad Muncher\AM27105.dll-> C:\WINDOWS\system32\khfGaaXo.dllPROCESS: C:\WINDOWS\explorer.exe-> C:\WINDOWS\system32\afesggdp.dll-> C:\Program Files\Ad Muncher\AM27105.dll.------------------------ Other Running Processes ------------------------.C:\WINDOWS\system32\netdde.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\devldr32.exeC:\Qoobox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.virED1}C:\WINDOWS\system32\wscntfy.exe.**************************************************************************.Completion time: 2008-06-30 21:44:22 - machine was rebooted [dorsz]ComboFix-quarantined-files.txt 2008-06-30 19:44:12Pre-Run: 3,891,212,288 bajtów wolnychPost-Run: 3,881,398,272 bajt˘w wolnych390
CatchMe commented 30 June 2008: Close the vulnerable ports with the WWDC program. Install a decent firewall, e.g. Outpost Firewall, and an antivirus, e.g. Nod32. Boot into safe mode: use SDFix and then ComboFix again. In normal mode, scan with a large number of online antivirus scanners (e.g. Kaspersky, Panda). Then post new HijackThis and ComboFix logs.
piodor (Author) commented 1 July 2008: when I closed the ports, the network, and with it the internet, stopped working. btw. please don't close the thread; tonight I'll try to do something and will post the logs from HJ and CF
CatchMe commented 1 July 2008: That's not possible. Read this! http://www.searchengines.pl/phpbb203/index...amp;#entry26840
piodor (Author) commented 1 July 2008: HijackThis log
seba115 commented 1 July 2008: [...] //if you don't know about something, keep quiet! //one more post like this and you'll get a warn //vocativus
piodor (Author) commented 1 July 2008: And here is ComboFix
(ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 10:53]R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 10:53]R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 10:53]R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 10:53]R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 10:53]R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 10:53]R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 10:53]R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 10:53]R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 10:53]R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 10:53]R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 10:53]R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 10:53]R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 10:53]R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-06-28 18:28]S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad50-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - 
H:\AutoRun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad52-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe.Contents of the 'Scheduled Tasks' folder"2008-06-17 14:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-01 22:40:19Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\Documents and Settings\dorsz\winlogon.exePROCESS: C:\WINDOWS\explorer.exe-> C:\Program Files\Ad Muncher\AM27105.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exeC:\Program Files\Common Files\Agnitum Shared\Aupdate\aupdrun.exe.**************************************************************************.Completion time: 2008-07-01 22:45:06 - machine was rebootedComboFix-quarantined-files.txt 2008-07-01 20:44:59ComboFix2.txt 2008-06-30 19:44:24Pre-Run: 3,892,731,904 bajtów wolnychPost-Run: 3,885,527,040 bajt˘w wolnych290 btw. to ze wskazesz mi kawałek logu mi nie pomoże ... moze coś dokładniej?? (do seby)
CatchMe commented on 1 July 2008

Open Notepad and paste:

File::
C:\WINDOWS\transp.gif
C:\WINDOWS\system32\jkkLEXQg.dll
C:\WINDOWS\system32\enxweldx.VIR
C:\WINDOWS\system32\oopobels.dll
C:\WINDOWS\system32\oopobels.VIR
C:\WINDOWS\system32\jkkLEXQg.VIR
C:\WINDOWS\system32\jkkLEXQg.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\Temp\syschk3
C:\Temp\asxuk5.exe
C:\WINDOWS\system32\geBuRIYq.VIR
C:\WINDOWS\system32\g44.VIR
C:\WINDOWS\SYSTEM32\khfGaaXo.dll
C:\WINDOWS\system32\ssqOFYQi.dll
C:\WINDOWS\system32\pdggsefa.ini
C:\Documents and Settings\dorsz\services.exe
C:\WINDOWS\system32\afesggdp.VIR
C:\WINDOWS\system32\lcrdqnns.ini
C:\Documents and Settings\dorsz\winlogon.exe
C:\WINDOWS\system32\khfGaaXo.VIR
C:\WINDOWS\cGlvZG9y\command.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\ism611.exe
C:\WINDOWS\plate611.exe
C:\WINDOWS\ST6UNST.EXE
C:\WINDOWS\Setup1.exe
C:\Documents and Settings\dorsz\FTP.EXE
C:\Documents and Settings\dorsz\NETSTAT.EXE
C:\Documents and Settings\dorsz\TCP32UI.DLL
C:\Documents and Settings\dorsz\ARP.EXE
C:\Documents and Settings\dorsz\WSASRV.EXE
C:\Documents and Settings\dorsz\PING.EXE
C:\Documents and Settings\dorsz\ROUTE.EXE
C:\Documents and Settings\dorsz\TELNET.EXE
C:\Documents and Settings\dorsz\TRACERT.EXE
C:\Documents and Settings\dorsz\IPCONFIG.EXE
C:\Documents and Settings\dorsz\WINSOCK.DLL
C:\Documents and Settings\dorsz\NBTSTAT.EXE
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc015.dat
C:\WINDOWS\system32\perfc015.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh015.dat
C:\WINDOWS\system32\perfh015.dat

Folder::
C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5
C:\WINDOWS\system32\modtrux18
C:\Temp
C:\WINDOWS\cGlvZG9y
C:\Documents and Settings\dorsz\Dane aplikacji\DonationCoder
C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder
C:\Program Files\WinPcap
C:\Program Files\RzK

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F67AF0EF-38ED-4BA7-8F62-84BAAB0C594E}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGaaXo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0[/u]c7e9536]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f4da6aa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Mechanic]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{61a6fc92-a899-52df-0ac5-28c1973ff053}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E9-95-59-99-DW}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad50-21dc-11dd-874a-0004e2d78685}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad52-21dc-11dd-874a-0004e2d78685}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Applicationedc"=-
"BM0f4da6aa"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{68950839-2675-49E2-B6A5-442E0B0D1BA4}"=-

Driver::
Command Service
cmdService

Save as CFScript.txt >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon. The removal should start.
In HijackThis, remove (fix):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\khfGaaXo.dll
O2 - BHO: (no name) - {F67AF0EF-38ED-4BA7-8F62-84BAAB0C594E} - C:\WINDOWS\system32\jkkLEXQg.dll (file missing)
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [bM0f4da6aa] Rundll32.exe "C:\WINDOWS\system32\oopobels.dll",s
O20 - Winlogon Notify: khfGaaXo - C:\WINDOWS\SYSTEM32\khfGaaXo.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe (file missing)

Post two new logs.
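Added example (not part of the thread, and not HijackThis or ComboFix code): a small Python triage pass over HijackThis lines like the ones listed in the post above. The three heuristics and the `EXPECTED_DIR` table are assumptions of this example, based on the Windows XP layout seen in these logs; they mark entries for review and cover only some of the entries the helper picked out by hand.

```python
import ntpath
import re
from collections import defaultdict

# Assumption of this example: core Windows XP processes and the one directory
# each normally runs from (lower-cased for case-insensitive comparison).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

MASQUERADE = "system process name outside its normal directory"
MULTI_LOAD = "same DLL registered as both BHO (O2) and Winlogon Notify (O20)"
UNNAMED_BHO = "BHO without a registered name"

ENTRY_RE = re.compile(r"^([OR]\d+) - ")
# First Windows path on the line that ends in .exe/.dll/.sys (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|sys)(?!\w)', re.IGNORECASE)

# Sample input assembled for this example from entries in the thread's HijackThis logs.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\dorsz\lsass.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\khfGaaXo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: khfGaaXo - C:\WINDOWS\SYSTEM32\khfGaaXo.dll
"""


def parse_line(line):
    """Return (section, path); section is 'PROC' for a bare running-process path."""
    entry = ENTRY_RE.match(line)
    path = PATH_RE.search(line)
    return (entry.group(1) if entry else "PROC", path.group(0) if path else None)


def analyze(log_text):
    """Return a list of (line, [reasons]) for lines that match a heuristic."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            entries.append((line,) + parse_line(line))

    # Record which load points (BHO, Winlogon Notify) each DLL is registered under.
    load_points = defaultdict(set)
    for _, section, path in entries:
        if path and section in ("O2", "O20") and path.lower().endswith(".dll"):
            load_points[path.lower()].add(section)

    findings = []
    for line, section, path in entries:
        reasons = []
        if path:
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
                reasons.append(MASQUERADE)
            if load_points.get(path.lower()) == {"O2", "O20"}:
                reasons.append(MULTI_LOAD)
        if section == "O2" and "(no name)" in line:
            reasons.append(UNNAMED_BHO)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in analyze(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```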
piodor (author) commented on 1 July 2008

ComboFix 08-06-20.4 - dorsz 2008-07-02 0:00:49.4 - NTFSx86

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13:49, on 2008-07-02
CatchMe commented on 2 July 2008

The logs are clean; what follows is cosmetic cleanup.

Delete the folders:
C:\SDFix
C:\Qoobox

Do you recognize these? If not, delete:
C:\Program Files\SMC
C:\Program Files\HLTooLz

Download and run the program http://www.atribune.org/ccount/click.php?id=1

Download and run the program http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (use the CleanUp! option and agree to all the prompts).
piodor (author) commented on 2 July 2008

Really, thanks for the help, I have not seen more professional and active help... Really a big plus for CatchMe.