
Junk on XP

piodor
created (edited)

I don't know if I'm posting this in the right place.. If not, please move it..

I have a problem: I installed some junk recently and it's slowing my computer down... Everything would be fine if it weren't for the fact that it won't uninstall, and second, it has blocked my access to Task Manager... I'll post a few screenshots now to illustrate the problem better..

1 : http://www.fotosik.pl/pokaz_obrazek/049ffe207358f483.html

2 : http://www.fotosik.pl/pokaz_obrazek/7f0856d9940515dc.html

3 : http://www.fotosik.pl/pokaz_obrazek/58a326e422e4787d.html

4 : http://www.fotosik.pl/pokaz_obrazek/9bc5be0656d191f8.html

5 : http://www.fotosik.pl/pokaz_obrazek/bd80d38e39dfe337.html

6 : http://www.fotosik.pl/pokaz_obrazek/bd5bd26283abc93b.html

Please help quickly ... thanks in advance

//yeah, true, wrong section

//moving -> security

Jaskol
comment

Post logs from HijackThis and ComboFix, and scan the computer: http://www.kaspersky.pl/virusscanner.html

rcwawa
comment

I once had something similar too. To uninstall it, use Revo Uninstaller and have it uninstall in that advanced mode or whatever it's called; in any case it's the one at the very bottom. And send over the logs as well.

piodor
comment

The thing is, there's not really anything to uninstall, because it's not even in the Program Files directory, neither on C nor on any other partition... Revo doesn't find it... I still get an "exclamation mark in a triangle" popping up in the tray; when I hover over it and click, it disappears, and when I change the wallpaper it immediately goes back to the one I showed in the screenshots... pls help

rcwawa
comment

You have to post those logs from HijackThis and ComboFix.

piodor
comment

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:37, on 2008-06-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\cGlvZG9y\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\dorsz\winlogon.exe
C:\Documents and Settings\dorsz\lsass.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\jswnw64o.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\scnttkdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [GammaAdjuster] C:\DOCUME~1\dorsz\USTAWI~1\Temp\Rar$EX00.713\GammaAdjuster\GammaAdjuster.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{E9-95-59-99-DW}] C:\WINDOWS\system32\jswnw64o.exe DWrvgFF
O4 - HKLM\..\Run: [0c7e9536] rundll32.exe "C:\WINDOWS\system32\snnqdrcl.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWrvgFF
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64o.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\dorsz\USTAWI~1\Temp\hpdj.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 7871 bytes

SDFix LOG:

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 19:07:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016930007ce]
"00188d400e69"=hex:48,e3,be,3a,46,15,a3,e5,74,1a,e2,ea,34,05,74,76
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016930007ce]
"00188d400e69"=hex:48,e3,be,3a,46,15,a3,e5,74,1a,e2,ea,34,05,74,76
scanning hidden registry entries ...
scanning hidden files ...

and also FROM COMBOFIX:

snip91
comment

C:\WINDOWS\[b]cGlvZG9y[/b]\command.exe
C:\Program Files\[b]Network Monitor[/b]\netmon.exe

Delete the folders in bold.

C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\dorsz\winlogon.exe
C:\Documents and Settings\dorsz\lsass.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\jswnw64o.exe
C:\WINDOWS\system32\scnttkdm.exe

Files to delete.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{E9-95-59-99-DW}] C:\WINDOWS\system32\jswnw64o.exe DWrvgFF
O4 - HKLM\..\Run: [0c7e9536] rundll32.exe "C:\WINDOWS\system32\snnqdrcl.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWrvgFF
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64o.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

FIX

Man, have you got viruses.. :P

The ComboFix and Silent Runners logs are cut off, post them in full.
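
Part of the triage shown in the post above can be automated. The following Python code is an added example, not posted by anyone in this thread: it parses HijackThis `F2`, `O4` and `O23` lines and flags core Windows image names loaded from the wrong directory, services with an unknown owner, and extra programs in `UserInit`. The rule names, the `EXPECTED_DIR` list and the `C:\WINDOWS` install path are assumptions; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the log quoted in this thread.
SYSTEM32 = r"c:\windows\system32"

# Hypothetical allow-list: core image names and the only directory each should load from.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "userinit.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# "O4 - ...", "O23 - ...", "F2 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in an executable extension (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr)', re.IGNORECASE)


def image_path(text):
    """Return the first executable path found in an entry body, or None."""
    match = PATH_RE.search(text)
    return match.group(0) if match else None


def masquerades(path):
    """True when a core Windows image name sits outside its expected directory."""
    expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
    return expected is not None and ntpath.dirname(path).lower() != expected


def triage(log_text):
    """Return (rule, section, path) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")

        if code == "F2" and "UserInit=" in body:
            # Anything chained after the real userinit.exe also runs at every logon.
            for value in body.split("UserInit=", 1)[1].split(","):
                value = value.strip()
                if value and value.lower() != SYSTEM32 + r"\userinit.exe":
                    findings.append(("extra-userinit", code, value))
            continue

        if code not in ("O4", "O23"):
            continue
        path = image_path(body)
        if path is None:
            continue
        if masquerades(path):
            findings.append(("masquerade", code, path))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown-owner-service", code, path))
    return findings


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for rule, section, path in triage(SAMPLE):
        print(f"{section:<4}{rule:<24}{path}")
```

Randomly named entries such as `jswnw64o.exe` pass all three rules, so the output is a starting list for manual review, not a verdict.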

piodor
comment

the whole thing


What's the deal with that FIX you wrote? Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dorsz\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{E9-95-59-99-DW}] C:\WINDOWS\system32\jswnw64o.exe DWrvgFF
O4 - HKLM\..\Run: [0c7e9536] rundll32.exe "C:\WINDOWS\system32\snnqdrcl.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWrvgFF
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64o.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

btw. nothing has changed, that junk still pops up... I forgot to mention that every so often the desktop shuts off, as if something were killing the explorer.exe process

Come on, pls help.... On my desktop I have a blue wallpaper with yellow text: Warning: Spyware threat has been detected on your PC. Below that is white text: Your computer has several fatal errors due to spyware activity.. and below that: It is strongly recommended to install an antispyware software to close all security vulnerabilities.

Antispyware software helps protect your PC against spyware and other security threats...

below that is a link:

CLICK HERE TO SCAN YOUR PC FOR SPYWARE

Jaskol
comment

Choose "Do a system scan only", and when it finishes, tick the entries that sniper listed and click Fix Checked

rcwawa
comment

To make that wallpaper disappear: right-click > Properties > Desktop > Customize Desktop, then the "Web" tab, and uncheck everything that's there

piodor
comment

OK, thanks for your help... I ran ComboFix over the system once more and it's fine, here's the log:

2008-06-19 17:20	58	--a------	C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat2008-06-19 17:15 . 2008-06-30 18:04	<DIR>	d--------	C:\Program Files\ScreenshotCaptor2008-06-19 17:15 . 2008-06-19 17:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder2008-06-18 23:49 . 2008-06-18 23:49	<DIR>	d--------	C:\Program Files\WinPcap2008-06-18 23:48 . 2008-06-18 23:48	<DIR>	d--------	C:\Program Files\RzK2008-06-18 21:28 . 2008-06-18 21:28	<DIR>	d--------	C:\Program Files\XnView2008-06-18 21:28 . 2008-06-18 21:35	<DIR>	d--------	C:\Documents and Settings\dorsz\Dane aplikacji\XnView2008-06-17 12:36 . 2008-06-17 12:36	<DIR>	d--------	C:\Program Files\Half-Life Model Viewer2008-06-10 17:15 . 2008-06-10 17:15	<DIR>	d--------	C:\Program Files\Ad Muncher2008-06-05 15:58 . 2008-06-05 15:58	<DIR>	d--------	C:\Program Files\Trust2008-06-05 15:45 . 2004-08-03 23:08	26,624	--a------	C:\WINDOWS\system32\drivers\usbehci.sys2008-06-05 15:45 . 2004-08-03 23:08	26,624	--a--c---	C:\WINDOWS\system32\dllcache\usbehci.sys2008-06-05 15:45 . 2004-08-04 00:44	7,168	--a------	C:\WINDOWS\system32\hccoin.dll2008-06-05 15:45 . 2004-08-04 00:44	7,168	--a--c---	C:\WINDOWS\system32\dllcache\hccoin.dll2008-06-05 15:41 . 2004-08-03 23:08	17,024	--a------	C:\WINDOWS\system32\drivers\usbohci.sys2008-06-05 15:41 . 2004-08-03 23:08	17,024	--a--c---	C:\WINDOWS\system32\dllcache\usbohci.sys2008-05-27 15:32 . 2008-05-27 15:32	372,224	--a------	C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll2008-05-25 21:02 . 2008-05-25 21:02	<DIR>	d--------	C:\Program Files\HLTooLz2008-05-24 23:02 . 2008-05-24 23:15	<DIR>	d--------	C:\Documents and Settings\dorsz\Dane aplikacji\Dev-Cpp2008-05-24 23:01 . 2008-05-24 23:01	<DIR>	d--------	C:\Dev-Cpp2008-05-22 14:30 . 2008-05-22 14:30	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Prism2008-05-22 14:29 . 2004-09-10 18:59	381,088	-ra------	C:\WINDOWS\system32\drivers\2862WICB.sys2008-05-22 14:28 . 
2008-05-22 14:28	<DIR>	d--------	C:\Program Files\SMC2008-05-22 14:28 . 2008-05-22 14:28	15,781	--a------	C:\WINDOWS\system32\drivers\mdc8021x.sys2008-05-14 19:40 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys2008-05-14 19:40 . 2004-08-03 23:08	31,616	--a--c---	C:\WINDOWS\system32\dllcache\usbccgp.sys2008-05-14 19:39 . 2008-05-14 19:39	<DIR>	d--------	C:\Program Files\Huawei technologies2008-05-14 19:39 . 2007-04-20 10:40	100,992	--a------	C:\WINDOWS\system32\drivers\ewusbmdm.sys2008-05-14 19:39 . 2007-04-20 10:40	24,448	--a------	C:\WINDOWS\system32\drivers\ewdcsc.sys2008-05-02 21:43 . 2008-06-30 13:15	54,156	--ah-----	C:\WINDOWS\QTFont.qfn2008-05-02 21:43 . 2008-05-02 21:43	1,409	--a------	C:\WINDOWS\QTFont.for2008-05-02 21:41 . 2008-05-02 21:42	<DIR>	d--------	C:\Program Files\QuickTime2008-05-02 21:41 . 2008-05-02 21:41	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-30 19:41	49,215	----a-w	C:\WINDOWS\system32\rwwnw64d.exe2008-06-22 11:38	---------	d-----w	C:\Program Files\Common Files\Adobe2008-06-22 11:20	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-05-25 19:02	73,216	----a-w	C:\WINDOWS\ST6UNST.EXE2008-05-25 19:02	249,856	------w	C:\WINDOWS\Setup1.exe2008-05-19 17:09	---------	d-----w	C:\Documents and Settings\dorsz\Dane aplikacji\gtk-2.02008-05-14 17:39	---------	d-----w	C:\Program Files\Common Files\InstallShield2008-04-28 13:18	---------	d-----w	C:\Program Files\NAPI-PROJEKT2008-03-23 20:20	164,352	----a-w	C:\WINDOWS\system32\SpoonUninstall.exe2008-03-02 17:12	8,464	----a-w	C:\WINDOWS\system32\sporder.dll1995-05-26 09:57	81,968	----a-w	C:\Documents and Settings\dorsz\FTP.EXE1995-05-26 09:57	69,465	----a-w	C:\Documents and Settings\dorsz\NETSTAT.EXE1995-05-26 09:57	63,904	----a-w	C:\Documents and Settings\dorsz\TCP32UI.DLL1995-05-26 09:57	60,551	
----a-w	C:\Documents and Settings\dorsz\ARP.EXE1995-05-26 09:57	6,960	----a-w	C:\Documents and Settings\dorsz\WSASRV.EXE1995-05-26 09:57	58,307	----a-w	C:\Documents and Settings\dorsz\PING.EXE1995-05-26 09:57	57,703	----a-w	C:\Documents and Settings\dorsz\ROUTE.EXE1995-05-26 09:57	57,216	----a-w	C:\Documents and Settings\dorsz\TELNET.EXE1995-05-26 09:57	55,277	----a-w	C:\Documents and Settings\dorsz\TRACERT.EXE1995-05-26 09:57	42,195	----a-w	C:\Documents and Settings\dorsz\IPCONFIG.EXE1995-05-26 09:57	41,440	----a-w	C:\Documents and Settings\dorsz\WINSOCK.DLL1995-05-26 09:57	33,227	----a-w	C:\Documents and Settings\dorsz\NBTSTAT.EXE2008-01-02 22:02	16,384	--sha-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat2008-01-02 22:02	32,768	--sha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat2008-01-02 22:02	32,768	--sha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008010220080103\index.dat2008-01-02 22:02	32,768	--sha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat.(((((((((((((((((((((((((((((   snapshot@2008-06-30_19.40.04.09   ))))))))))))))))))))))))))))))))))))))))).- 2008-06-30 17:34:29	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-06-30 19:40:40	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-06-30 18:39:09	63,918	----a-w	C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll-uninst.exe+ 2008-05-27 13:32:06	372,224	----a-w	C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}]2008-06-30 12:01	34304	--a------	C:\WINDOWS\system32\khfGaaXo.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c47f6302-5d40-e605-04a2-da7bb507aefe}]2008-05-27 
15:32	372224	--a------	C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]"ares"="C:\Program Files\Ares\Ares.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Windows Logon Applicationedc"="C:\Documents and Settings\dorsz\winlogon.exe" [2008-06-27 18:38 53248]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []"NvCplDaemon"="NvQTwk,NvCplDaemon initialize" []"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g" [ ]"WheelMouse"="C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe" [2006-09-29 11:00 163840]"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-06-10 17:15 705024]"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]"{E9-95-59-99-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]"{61a6fc92-a899-52df-0ac5-28c1973ff053}"="C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll" [2008-05-27 15:32 372224]"0c7e9536"="C:\WINDOWS\system32\afesggdp.dll" [2008-06-30 20:43 86528][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="regsvr32" [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoExpandedNewMenu"= 1 (0x1)[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{68950839-2675-49E2-B6A5-442E0B0D1BA4}"= C:\WINDOWS\system32\khfGaaXo.dll 
[2008-06-30 12:01 34304][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGaaXo]khfGaaXo.dll 2008-06-30 12:01 34304 C:\WINDOWS\system32\khfGaaXo.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=NVDESK32.DLL[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"= ctwdm32.dll"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Mechanic]C:\Program Files\Network Mechanic\netmch.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Steam\\steamapps\\dorszu6\\counter-strike\\hl.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"=R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2004-09-10 18:59]S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad50-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad52-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe.Contents of the 'Scheduled Tasks' folder"2008-06-17 14:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-06-30 21:41:47Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... 
scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\WINDOWS\system32\khfGaaXo.dll-> C:\Documents and Settings\dorsz\winlogon.exe-> C:\WINDOWS\system32\afesggdp.dll-> C:\Program Files\Ad Muncher\AM27105.dll-> C:\WINDOWS\system32\khfGaaXo.dllPROCESS: C:\WINDOWS\explorer.exe-> C:\WINDOWS\system32\afesggdp.dll-> C:\Program Files\Ad Muncher\AM27105.dll.------------------------ Other Running Processes ------------------------.C:\WINDOWS\system32\netdde.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\devldr32.exeC:\Qoobox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.virED1}C:\WINDOWS\system32\wscntfy.exe.**************************************************************************.Completion time: 2008-06-30 21:44:22 - machine was rebooted [dorsz]ComboFix-quarantined-files.txt  2008-06-30 19:44:12Pre-Run: 3,891,212,288 bajtów wolnychPost-Run: 3,881,398,272 bajt˘w wolnych390
CatchMe
comment

Close the vulnerable ports using WWDC. Install a decent firewall, e.g. Outpost Firewall, and an antivirus, e.g. Nod32.

Boot into safe mode: run SDFix and then ComboFix again. In normal mode, scan with a large number of online antivirus scanners (e.g. Kaspersky, Panda).

Then post new HijackThis and ComboFix logs.

piodor
comment

After I closed the ports, the network, and with it the internet, stopped working.

Btw, please don't close the thread; this evening I'll try to do something about it and post the logs from HJ and CF.

piodor
comment

HIJACKTHIS LOG

seba115
comment

[...]

//if you don't know anything about something, keep quiet!

//one more post like this and a warning will follow

//vocativus

piodor
comment

And here is ComboFix

tools\msconfig\startupreg\BM0f4da6aa]C:\WINDOWS\system32\oopobels.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]C:\WINDOWS\system32\scntstdm.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Mechanic]C:\Program Files\Network Mechanic\netmch.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]C:\WINDOWS\mrofinu1000106.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{61a6fc92-a899-52df-0ac5-28c1973ff053}]C:\WINDOWS\system32\{177d912f-3d4f-6cb4-3b78-7638877d9726}.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E9-95-59-99-DW}]c:\windows\system32\rwwnw64d.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"wuauserv"=2 (0x2)"wscsvc"=2 (0x2)"SharedAccess"=2 (0x2)"Schedule"=2 (0x2)"BthServ"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Steam\\steamapps\\dorszu6\\counter-strike\\hl.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"=R1 VFILT;Outpost Firewall Kernel 
Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2006-03-30 10:53]R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 10:53]R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 10:53]R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 10:53]R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 10:53]R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 10:53]R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 10:53]R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 10:53]R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 10:53]R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 10:53]R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 10:53]R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 10:53]R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 10:53]R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 10:53]R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-06-28 18:28]S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 
02:01][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad50-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad52-21dc-11dd-874a-0004e2d78685}]\Shell\AutoRun\command - H:\AutoRun.exe.Contents of the 'Scheduled Tasks' folder"2008-06-17 14:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-01 22:40:19Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\Documents and Settings\dorsz\winlogon.exePROCESS: C:\WINDOWS\explorer.exe-> C:\Program Files\Ad Muncher\AM27105.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exeC:\Program Files\Common Files\Agnitum Shared\Aupdate\aupdrun.exe.**************************************************************************.Completion time: 2008-07-01 22:45:06 - machine was rebootedComboFix-quarantined-files.txt  2008-07-01 20:44:59ComboFix2.txt  2008-06-30 19:44:24Pre-Run: 3,892,731,904 bajtów wolnychPost-Run: 3,885,527,040 bajt˘w wolnych290

BTW, pointing me to a piece of the log won't help me... maybe something more specific?? (to seby)

CatchMe
comment

Open Notepad and paste:

File::
C:\WINDOWS\transp.gif
C:\WINDOWS\system32\jkkLEXQg.dll
C:\WINDOWS\system32\enxweldx.VIR
C:\WINDOWS\system32\oopobels.dll
C:\WINDOWS\system32\oopobels.VIR
C:\WINDOWS\system32\jkkLEXQg.VIR
C:\WINDOWS\system32\jkkLEXQg.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\Temp\syschk3
C:\Temp\asxuk5.exe
C:\WINDOWS\system32\geBuRIYq.VIR
C:\WINDOWS\system32\g44.VIR
C:\WINDOWS\SYSTEM32\khfGaaXo.dll
C:\WINDOWS\system32\ssqOFYQi.dll
C:\WINDOWS\system32\pdggsefa.ini
C:\Documents and Settings\dorsz\services.exe
C:\WINDOWS\system32\afesggdp.VIR
C:\WINDOWS\system32\lcrdqnns.ini
C:\Documents and Settings\dorsz\winlogon.exe
C:\WINDOWS\system32\khfGaaXo.VIR
C:\WINDOWS\cGlvZG9y\command.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\ism611.exe
C:\WINDOWS\plate611.exe
C:\WINDOWS\ST6UNST.EXE
C:\WINDOWS\Setup1.exe
C:\Documents and Settings\dorsz\FTP.EXE
C:\Documents and Settings\dorsz\NETSTAT.EXE
C:\Documents and Settings\dorsz\TCP32UI.DLL
C:\Documents and Settings\dorsz\ARP.EXE
C:\Documents and Settings\dorsz\WSASRV.EXE
C:\Documents and Settings\dorsz\PING.EXE
C:\Documents and Settings\dorsz\ROUTE.EXE
C:\Documents and Settings\dorsz\TELNET.EXE
C:\Documents and Settings\dorsz\TRACERT.EXE
C:\Documents and Settings\dorsz\IPCONFIG.EXE
C:\Documents and Settings\dorsz\WINSOCK.DLL
C:\Documents and Settings\dorsz\NBTSTAT.EXE
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc015.dat
C:\WINDOWS\system32\perfc015.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh015.dat
C:\WINDOWS\system32\perfh015.dat

Folder::
C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5
C:\WINDOWS\system32\modtrux18
C:\Temp
C:\WINDOWS\cGlvZG9y
C:\Documents and Settings\dorsz\Dane aplikacji\DonationCoder
C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder
C:\Program Files\WinPcap
C:\Program Files\RzK

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F67AF0EF-38ED-4BA7-8F62-84BAAB0C594E}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGaaXo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0[/u]c7e9536]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f4da6aa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Mechanic]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{61a6fc92-a899-52df-0ac5-28c1973ff053}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E9-95-59-99-DW}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad50-21dc-11dd-874a-0004e2d78685}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c6ad52-21dc-11dd-874a-0004e2d78685}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Applicationedc"=-
"BM0f4da6aa"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{68950839-2675-49E2-B6A5-442E0B0D1BA4}"=-

Driver::
Command Service
cmdService

Save as CFScript.txt >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon


The removal should begin.

In HijackThis, remove (fix):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\khfGaaXo.dll
O2 - BHO: (no name) - {F67AF0EF-38ED-4BA7-8F62-84BAAB0C594E} - C:\WINDOWS\system32\jkkLEXQg.dll (file missing)
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [bM0f4da6aa] Rundll32.exe "C:\WINDOWS\system32\oopobels.dll",s
O20 - Winlogon Notify: khfGaaXo - C:\WINDOWS\SYSTEM32\khfGaaXo.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe (file missing)

- Post two new logs.
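
Why the entries listed in the post above stand out, as an added example (not part of the original thread and not code from HijackThis or ComboFix): a small Python triage over HijackThis-style lines copied from this thread's logs. The rule set and the names `triage`, `SYSTEM_IMAGES`, `SYSTEM_DIR` and `SAMPLE_LOG` are assumptions made for illustration.

```python
import ntpath
import re

# Assumption for this example: core Windows XP processes whose image file
# legitimately lives only in %SystemRoot%\system32.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# First drive-letter path in a line, cut at the first .exe/.dll extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

# Constructed sample: individual lines copied from the HijackThis logs
# posted in this thread (running processes plus O2/O4/O20/O23 entries).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\dorsz\winlogon.exe
C:\Documents and Settings\dorsz\lsass.exe
C:\Program Files\Gadu-Gadu\gg.exe
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\khfGaaXo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\dorsz\winlogon.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O20 - Winlogon Notify: khfGaaXo - C:\WINDOWS\SYSTEM32\khfGaaXo.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGlvZG9y\command.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def triage(log_text):
    """Return [(line, [reasons])] for every log line that deserves a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []

        # Masquerading: a system process name running from a non-system folder.
        match = PATH_RE.search(line)
        if match:
            path = match.group(0)
            image = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if image in SYSTEM_IMAGES and folder != SYSTEM_DIR:
                reasons.append("system process name outside system32")

        # Leftover autostart or service whose binary is gone.
        if "(file missing)" in line:
            reasons.append("registered target no longer on disk")

        # Browser Helper Object that registers no display name.
        if line.startswith("O2 ") and "(no name)" in line:
            reasons.append("unnamed Browser Helper Object")

        # Winlogon Notify packages are DLLs loaded by winlogon.exe itself.
        if line.startswith("O20 - Winlogon Notify"):
            reasons.append("DLL loaded by winlogon.exe at logon")

        # Service binary that carries no company name in its version info.
        if line.startswith("O23 ") and "Unknown owner" in line:
            reasons.append("service binary without vendor information")

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -> " + reason)
```

These rules are heuristics for deciding what to inspect first; a flagged line still needs confirmation (file properties, vendor, an antivirus scan) before anything is deleted.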

piodor
comment
ComboFix 08-06-20.4 - dorsz 2008-07-02  0:00:49.4 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.60 [GMT 2:00]Running from: C:\Documents and Settings\dorsz\Pulpit\ComboFix.exeCommand switches used :: C:\Documents and Settings\dorsz\Pulpit\CFScript.txt * Created a new restore point[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]FILE ::C:\Documents and Settings\dorsz\ARP.EXEC:\Documents and Settings\dorsz\FTP.EXEC:\Documents and Settings\dorsz\IPCONFIG.EXEC:\Documents and Settings\dorsz\NBTSTAT.EXEC:\Documents and Settings\dorsz\NETSTAT.EXEC:\Documents and Settings\dorsz\PING.EXEC:\Documents and Settings\dorsz\ROUTE.EXEC:\Documents and Settings\dorsz\services.exeC:\Documents and Settings\dorsz\TCP32UI.DLLC:\Documents and Settings\dorsz\TELNET.EXEC:\Documents and Settings\dorsz\TRACERT.EXEC:\Documents and Settings\dorsz\winlogon.exeC:\Documents and Settings\dorsz\WINSOCK.DLLC:\Documents and Settings\dorsz\WSASRV.EXEC:\Temp\asxuk5.exeC:\Temp\syschk3C:\WINDOWS\cGlvZG9y\command.exeC:\WINDOWS\ism611.exeC:\WINDOWS\ODBC.INIC:\WINDOWS\plate611.exeC:\WINDOWS\Setup1.exeC:\WINDOWS\ST6UNST.EXEC:\WINDOWS\system32\afesggdp.VIRC:\WINDOWS\system32\atmtd.dllC:\WINDOWS\system32\atmtd.dll._C:\WINDOWS\system32\enxweldx.VIRC:\WINDOWS\system32\g44.VIRC:\WINDOWS\system32\geBuRIYq.VIRC:\WINDOWS\system32\jkkLEXQg.dllC:\WINDOWS\system32\jkkLEXQg.VIRC:\WINDOWS\SYSTEM32\khfGaaXo.dllC:\WINDOWS\system32\khfGaaXo.VIRC:\WINDOWS\system32\lcrdqnns.iniC:\WINDOWS\system32\oopobels.dllC:\WINDOWS\system32\oopobels.VIRC:\WINDOWS\system32\pdggsefa.iniC:\WINDOWS\system32\perfc009.datC:\WINDOWS\system32\perfc015.datC:\WINDOWS\system32\perfh009.datC:\WINDOWS\system32\perfh015.datC:\WINDOWS\system32\ssqOFYQi.dllC:\WINDOWS\system32\vbzip10.dllC:\WINDOWS\transp.gif.(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\dorsz\ARP.EXEC:\Documents and Settings\dorsz\Dane 
aplikacji\DonationCoderC:\Documents and Settings\dorsz\Dane aplikacji\DonationCoder\Keys\DonationCoder_ScreenshotCaptor_InstallInfo.datC:\Documents and Settings\dorsz\IPCONFIG.EXEC:\Documents and Settings\dorsz\NBTSTAT.EXEC:\Documents and Settings\dorsz\NETSTAT.EXEC:\Documents and Settings\dorsz\PING.EXEC:\Documents and Settings\dorsz\ROUTE.EXEC:\Documents and Settings\dorsz\services.exeC:\Documents and Settings\dorsz\TCP32UI.DLLC:\Documents and Settings\dorsz\TELNET.EXEC:\Documents and Settings\dorsz\TRACERT.EXEC:\Documents and Settings\dorsz\winlogon.exeC:\Documents and Settings\dorsz\WINSOCK.DLLC:\Documents and Settings\dorsz\WSASRV.EXEC:\TempC:\Temp\asxuk5.exeC:\Temp\syschk3\tdirp5.logC:\WINDOWS\ism611.exeC:\WINDOWS\ODBC.INIC:\WINDOWS\plate611.exeC:\WINDOWS\Setup1.exeC:\WINDOWS\ST6UNST.EXEC:\WINDOWS\system32\afesggdp.VIRC:\WINDOWS\system32\atmtd.dllC:\WINDOWS\system32\atmtd.dll._C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat\C:\WINDOWS\system32\enxweldx.VIRC:\WINDOWS\system32\g44.VIRC:\WINDOWS\system32\geBuRIYq.VIRC:\WINDOWS\system32\gI5C:\WINDOWS\system32\jkkLEXQg.VIRC:\WINDOWS\system32\khfGaaXo.VIRC:\WINDOWS\system32\lcrdqnns.iniC:\WINDOWS\system32\modtrux18C:\WINDOWS\system32\modtrux18\modtrux182328.exeC:\WINDOWS\system32\oopobels.VIRC:\WINDOWS\system32\pdggsefa.iniC:\WINDOWS\system32\perfc009.datC:\WINDOWS\system32\perfc015.datC:\WINDOWS\system32\perfh009.datC:\WINDOWS\system32\perfh015.datC:\WINDOWS\system32\ssqOFYQi.dllC:\WINDOWS\system32\vbzip10.dllC:\WINDOWS\system32\viC:\WINDOWS\transp.gif.(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_NPF(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  ))))))))))))))))))))))))))))))).2008-07-01 21:48 . 1999-10-21 11:12	20,400	--a------	C:\WINDOWS\system32\drivers\entech.sys2008-07-01 21:47 . 2008-07-01 21:48	<DIR>	d--------	C:\Program Files\AquaMark32008-07-01 15:14 . 
2008-07-01 15:14	<DIR>	d--------	C:\Program Files\Avira2008-07-01 15:14 . 2008-07-01 15:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Avira2008-07-01 14:36 . 2008-07-01 14:36	<DIR>	d--------	C:\Program Files\Common Files\Agnitum Shared2008-07-01 14:36 . 2008-07-01 14:36	<DIR>	d--------	C:\Program Files\Agnitum2008-07-01 13:44 . 2008-07-01 14:28	<DIR>	d--------	C:\Program Files\Netscape2008-07-01 13:44 . 2008-07-01 13:44	<DIR>	d--------	C:\Documents and Settings\dorsz\Dane aplikacji\Netscape2008-06-30 22:28 . 2008-06-30 22:28	<DIR>	d--------	C:\Documents and Settings\dorsz\Dane aplikacji\VSRevoGroup2008-06-30 18:47 . 2008-07-01 03:24	<DIR>	d--------	C:\SDFix2008-06-30 18:37 . 2008-06-30 18:37	<DIR>	d--------	C:\Program Files\Trend Micro2008-06-30 17:50 . 2008-06-30 17:50	<DIR>	d--------	C:\Program Files\VS Revo Group2008-06-30 11:46 . 2008-06-30 12:38	<DIR>	d--------	C:\Program Files\BearShare2008-06-21 00:34 . 2008-06-21 00:34	<DIR>	d--h-----	C:\WINDOWS\PIF2008-06-20 16:41 . 2001-05-11 13:18	420,240	--a------	C:\WINDOWS\system32\mpg4c32.dll2008-06-20 16:41 . 2001-05-16 17:54	309,616	--a------	C:\WINDOWS\system32\wmv8dmod.dll2008-06-20 16:41 . 2001-03-26 04:41	245,760	--a------	C:\WINDOWS\system32\mp4sds32.ax2008-06-19 19:00 . 2008-07-01 20:16	<DIR>	d--------	C:\Program Files\Steam2008-06-19 17:20 . 2008-06-19 17:20	58	--a------	C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat2008-06-18 21:28 . 2008-06-30 22:28	<DIR>	d--------	C:\Documents and Settings\dorsz\Dane aplikacji\XnView2008-06-17 12:36 . 2008-06-17 12:36	<DIR>	d--------	C:\Program Files\Half-Life Model Viewer2008-06-10 17:15 . 2008-06-10 17:15	<DIR>	d--------	C:\Program Files\Ad Muncher2008-06-05 15:58 . 2008-06-05 15:58	<DIR>	d--------	C:\Program Files\Trust2008-06-05 15:45 . 2004-08-03 23:08	26,624	--a------	C:\WINDOWS\system32\drivers\usbehci.sys2008-06-05 15:45 . 2004-08-03 23:08	26,624	--a--c---	C:\WINDOWS\system32\dllcache\usbehci.sys2008-06-05 15:45 . 
2004-08-04 00:44	7,168	--a------	C:\WINDOWS\system32\hccoin.dll2008-06-05 15:45 . 2004-08-04 00:44	7,168	--a--c---	C:\WINDOWS\system32\dllcache\hccoin.dll2008-06-05 15:41 . 2004-08-03 23:08	17,024	--a------	C:\WINDOWS\system32\drivers\usbohci.sys2008-06-05 15:41 . 2004-08-03 23:08	17,024	--a--c---	C:\WINDOWS\system32\dllcache\usbohci.sys.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-30 22:03	---------	d-----w	C:\Program Files\SMC2008-06-30 20:25	---------	d-----w	C:\Program Files\Common Files\InstallShield2008-06-30 20:24	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-06-22 11:38	---------	d-----w	C:\Program Files\Common Files\Adobe2008-05-25 19:02	---------	d-----w	C:\Program Files\HLTooLz2008-05-24 21:15	---------	d-----w	C:\Documents and Settings\dorsz\Dane aplikacji\Dev-Cpp2008-05-22 12:30	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Prism2008-05-22 12:28	15,781	----a-w	C:\WINDOWS\system32\drivers\mdc8021x.sys2008-05-19 17:09	---------	d-----w	C:\Documents and Settings\dorsz\Dane aplikacji\gtk-2.02008-05-02 19:42	---------	d-----w	C:\Program Files\QuickTime2008-05-02 19:41	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2008-01-02 22:02	16,384	--sha-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat2008-01-02 22:02	32,768	--sha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat2008-01-02 22:02	32,768	--sha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008010220080103\index.dat2008-01-02 22:02	32,768	--sha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat.(((((((((((((((((((((((((((((   snapshot@2008-06-30_19.40.04.09   ))))))))))))))))))))))))))))))))))))))))).- 2008-06-30 17:34:29	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-07-01 22:04:06	2,048	
--s-a-w	C:\WINDOWS\bootstat.dat- 2004-09-10 16:59:00	381,088	----a-r	C:\WINDOWS\system32\drivers\2862WICB.sys+ 2005-06-28 16:28:00	349,856	----a-w	C:\WINDOWS\system32\drivers\2862WICB.sys+ 2008-01-21 16:12:56	41,792	----a-w	C:\WINDOWS\system32\drivers\avgntdd.sys+ 2008-01-21 16:11:28	22,336	----a-w	C:\WINDOWS\system32\drivers\avgntmgr.sys+ 2008-03-04 11:28:53	79,424	----a-w	C:\WINDOWS\system32\drivers\avipbb.sys+ 2007-03-01 08:34:22	28,352	----a-w	C:\WINDOWS\system32\drivers\ssmdrv.sys.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-06-10 17:15 705024]"WheelMouse"="C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe" [2006-09-29 11:00 163840]"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g" [ ]"Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe" [2006-03-30 10:51 91648]"OutpostFeedBack"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 12:05 356420]"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="regsvr32" [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoExpandedNewMenu"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\windows]"AppInit_DLLs"=NVDESK32.DLL C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"= ctwdm32.dll"VIDC.YV12"= yv12vfw.dll[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkbackup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^dorsz^Menu Start^Programy^Autostart^Deewoo.lnk]path=C:\Documents and Settings\dorsz\Menu Start\Programy\Autostart\Deewoo.lnkbackup=C:\WINDOWS\pss\Deewoo.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]C:\Program Files\Ares\Ares.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]C:\Program Files\BearShare\BearShare.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"wuauserv"=2 (0x2)"wscsvc"=2 (0x2)"SharedAccess"=2 (0x2)"Schedule"=2 
(0x2)"BthServ"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Steam\\steamapps\\dorszu6\\counter-strike\\hl.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"=R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2006-03-30 10:53]R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 10:53]R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 10:53]R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 10:53]R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 10:53]R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 10:53]R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 10:53]R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 10:53]R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 10:53]R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 10:53]R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 10:53]R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 10:53]R3 PROTECT.DLL;Outpost Firewall PlugIn 
(PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 10:53]R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 10:53]R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-06-28 18:28].Contents of the 'Scheduled Tasks' folder"2008-06-17 14:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-02 00:04:55Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\explorer.exe-> C:\Program Files\Ad Muncher\AM27105.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exeC:\Program Files\Common Files\Agnitum Shared\Aupdate\aupdrun.exe.**************************************************************************.Completion time: 2008-07-02  0:09:36 - machine was rebootedComboFix-quarantined-files.txt  2008-07-01 22:09:29ComboFix2.txt  2008-07-01 20:45:07ComboFix3.txt  2008-06-30 19:44:24Pre-Run: 4,002,725,888 bajtów wolnychPost-Run: 3,996,278,784 bajt˘w wolnych279
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13:49, on 2008-07-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=3874QY78&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=3874QY78&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=3874QY78&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=3874QY78&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=3874QY78&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\dorsz\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

--
End of file - 6115 bytes

piodor
comment

Really, thanks for the help, I have never seen more professional and active help... Really, a big plus for CatchMe
