lkey1991 created 4 July 2008
http://www.forumpc.pl/index.php?showtopic=54989

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:18, on 2008-07-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE0D8201-3FA1-41B1-A122-965852B56192}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4130 bytes

I think this is what needed to be done .........
CatchMe commented 4 July 2008
The log is clean; please post a ComboFix log. See: MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
lkey1991 (Author) commented 4 July 2008
Here is the ComboFix log

ComboFix 08-07-03.5 - familja 2008-07-04 14:32:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.1163 [GMT 2:00]
Running from: C:\Documents and Settings\familja\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\setup.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
2008-07-04 11:51 . 2008-07-04 11:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 16:32 . 2008-07-03 16:32 <DIR> d-------- C:\Documents and Settings\familja\Dane aplikacji\Gadu-Gadu
2008-07-03 15:38 . 2008-07-03 15:38 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-07-03 15:38 . 2008-07-03 15:39 <DIR> d-------- C:\Documents and Settings\familja\Gadu-Gadu
2008-07-03 14:46 . 2008-07-03 14:46 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-07-03 14:35 . 2008-07-03 14:35 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-03 14:35 . 2008-07-03 14:35 <DIR> d-------- C:\Program Files\D-Tools
2008-07-03 14:35 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-07-03 14:35 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-07-03 14:27 . 2008-07-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\AntiVir PersonalEdition Classic
2008-07-03 14:25 . 2008-07-03 14:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-03 12:45 . 2008-07-03 12:45 <DIR> d-------- C:\Program Files\Ashampoo
2008-07-03 12:39 . 2008-07-03 12:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-03 12:37 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-03 12:35 . 2001-10-26 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-07-03 12:35 . 2002-09-20 18:18 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-03 12:34 . 2008-07-03 11:42 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-03 12:34 . 2008-07-03 12:34 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-03 12:34 . 2008-07-03 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-03 12:34 . 2008-07-03 11:46 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-03 12:34 . 2008-07-03 11:43 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-03 12:34 . 2008-07-03 14:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-03 12:31 . 2008-07-03 12:31 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2008-07-03 12:31 . 2008-07-03 12:31 <DIR> d-------- C:\Program Files\ZTE ZXDSL 852
2008-07-03 12:30 . 2008-07-03 12:30 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-03 12:14 . 2008-07-03 12:14 <DIR> d-------- C:\Program Files\PCI Audio Applications
2008-07-03 12:14 . 1998-07-23 13:10 857,600 --a------ C:\WINDOWS\system32\ir41_32.ax
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\Program Files\C-Media
2008-07-03 12:13 . 2001-10-22 11:24 1,216,512 --a------ C:\WINDOWS\mixer.exe
2008-07-03 12:13 . 2001-01-11 09:02 794,624 --a------ C:\WINDOWS\system32\Audio3D.dll
2008-07-03 12:13 . 2001-01-11 09:02 794,624 --a------ C:\WINDOWS\system32\a3d.dll
2008-07-03 12:13 . 2000-10-20 12:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-07-03 12:13 . 2001-10-30 14:01 280,782 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys
2008-07-03 12:13 . 2001-10-22 11:01 122,880 --a------ C:\WINDOWS\cmuninst.exe
2008-07-03 12:13 . 2001-10-22 11:02 122,880 --a------ C:\WINDOWS\cmuninst.dat
2008-07-03 12:13 . 2001-10-16 11:00 28,672 --a------ C:\WINDOWS\system32\cmnprop.dll
2008-07-03 12:13 . 2008-07-03 12:17 284 --a------ C:\WINDOWS\CMISETUP.INI
2008-07-03 12:13 . 2008-07-03 12:17 26 --a------ C:\WINDOWS\CMCDPLAY.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-03 11:28 --------- d-----w C:\Program Files\Avira
2008-07-03 11:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-07-03 11:09 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-07-03 11:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-07-03 10:14 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-07-03 10:14 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-07-03 09:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-03 09:43 --------- d-----w C:\Program Files\Usługi online
2001-01-11 07:02 794,624 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 07:26 7700480]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 07:26 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"nwiz"="nwiz.exe" [2007-04-19 07:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 11:24 1216512 C:\WINDOWS\mixer.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys [2003-08-12 16:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys [2006-05-25 17:28]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 14:33:00
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\familja\USTAWI~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Completion time: 2008-07-04 14:33:14
ComboFix-quarantined-files.txt 2008-07-04 12:33:12

Pre-Run: 46,075,584,512 bajtów wolnych
Post-Run: 46,343,852,032 bajtów wolnych

119
lkey1991 (Author) commented 4 July 2008
So everything is OK??? If so, thanks for everything!!!!