Critical

lkey1991
created

http://www.forumpc.pl/index.php?showtopic=54989

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:18, on 2008-07-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE0D8201-3FA1-41B1-A122-965852B56192}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4130 bytes

I think this is what needed to be done .........

CatchMe
comment

The log is clean. ComboFix log, please.

See:

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
lkey1991
comment

Here is the ComboFix log

ComboFix 08-07-03.5 - familja 2008-07-04 14:32:25.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.1163 [GMT 2:00]
Running from: C:\Documents and Settings\familja\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\setup.ini
.
(((((((((((((((((((((((((   Files Created from 2008-06-04 to 2008-07-04  )))))))))))))))))))))))))))))))
.

2008-07-04 11:51 . 2008-07-04 11:51	<DIR>	d--------	C:\Program Files\Trend Micro
2008-07-03 16:32 . 2008-07-03 16:32	<DIR>	d--------	C:\Documents and Settings\familja\Dane aplikacji\Gadu-Gadu
2008-07-03 15:38 . 2008-07-03 15:38	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-07-03 15:38 . 2008-07-03 15:39	<DIR>	d--------	C:\Documents and Settings\familja\Gadu-Gadu
2008-07-03 14:46 . 2008-07-03 14:46	<DIR>	d--------	C:\Program Files\InstallShield Installation Information
2008-07-03 14:35 . 2008-07-03 14:35	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-07-03 14:35 . 2008-07-03 14:35	<DIR>	d--------	C:\Program Files\D-Tools
2008-07-03 14:35 . 2004-08-22 16:31	155,136	--a------	C:\WINDOWS\system32\drivers\d347bus.sys
2008-07-03 14:35 . 2004-08-22 16:31	5,248	--a------	C:\WINDOWS\system32\drivers\d347prt.sys
2008-07-03 14:27 . 2008-07-03 14:27	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\AntiVir PersonalEdition Classic
2008-07-03 14:25 . 2008-07-03 14:25	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2008-07-03 12:45 . 2008-07-03 12:45	<DIR>	d--------	C:\Program Files\Ashampoo
2008-07-03 12:39 . 2008-07-03 12:39	<DIR>	d--------	C:\Program Files\Alwil Software
2008-07-03 12:37 . 2001-08-17 22:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-07-03 12:35 . 2001-10-26 18:29	70,144	--a------	C:\WINDOWS\system32\usbui.dll
2008-07-03 12:35 . 2002-09-20 18:18	57,856	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	d--------	C:\Documents and Settings\Default User\Ulubione
2008-07-03 12:34 . 2008-07-03 11:42	<DIR>	d--h-----	C:\Documents and Settings\Default User\Szablony
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	d--------	C:\Documents and Settings\Default User\Pulpit
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	d--------	C:\Documents and Settings\Default User\Moje dokumenty
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	dr-------	C:\Documents and Settings\Default User\Menu Start
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Dane aplikacji
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	d--------	C:\Documents and Settings\All Users\Ulubione
2008-07-03 12:34 . 2008-07-03 12:34	<DIR>	d--h-----	C:\Documents and Settings\All Users\Szablony
2008-07-03 12:34 . 2008-07-03 14:46	<DIR>	d--------	C:\Documents and Settings\All Users\Pulpit
2008-07-03 12:34 . 2008-07-03 11:46	<DIR>	dr-------	C:\Documents and Settings\All Users\Menu Start
2008-07-03 12:34 . 2008-07-03 11:43	<DIR>	dr-------	C:\Documents and Settings\All Users\Dokumenty
2008-07-03 12:34 . 2008-07-03 14:27	<DIR>	dr-h-----	C:\Documents and Settings\All Users\Dane aplikacji
2008-07-03 12:31 . 2008-07-03 12:31	<DIR>	d--------	C:\WINDOWS\system32\InsFiles
2008-07-03 12:31 . 2008-07-03 12:31	<DIR>	d--------	C:\Program Files\ZTE ZXDSL 852
2008-07-03 12:30 . 2008-07-03 12:30	<DIR>	d--hs----	C:\WINDOWS\ftpcache
2008-07-03 12:14 . 2008-07-03 12:14	<DIR>	d--------	C:\Program Files\PCI Audio Applications
2008-07-03 12:14 . 1998-07-23 13:10	857,600	--a------	C:\WINDOWS\system32\ir41_32.ax
2008-07-03 12:13 . 2008-07-03 12:13	<DIR>	d--------	C:\Program Files\C-Media
2008-07-03 12:13 . 2001-10-22 11:24	1,216,512	--a------	C:\WINDOWS\mixer.exe
2008-07-03 12:13 . 2001-01-11 09:02	794,624	--a------	C:\WINDOWS\system32\Audio3D.dll
2008-07-03 12:13 . 2001-01-11 09:02	794,624	--a------	C:\WINDOWS\system32\a3d.dll
2008-07-03 12:13 . 2000-10-20 12:28	765,952	--a------	C:\WINDOWS\system\crlds3d.dll
2008-07-03 12:13 . 2001-10-30 14:01	280,782	--a------	C:\WINDOWS\system32\drivers\cmaudio.sys
2008-07-03 12:13 . 2001-10-22 11:01	122,880	--a------	C:\WINDOWS\cmuninst.exe
2008-07-03 12:13 . 2001-10-22 11:02	122,880	--a------	C:\WINDOWS\cmuninst.dat
2008-07-03 12:13 . 2001-10-16 11:00	28,672	--a------	C:\WINDOWS\system32\cmnprop.dll
2008-07-03 12:13 . 2008-07-03 12:17	284	--a------	C:\WINDOWS\CMISETUP.INI
2008-07-03 12:13 . 2008-07-03 12:17	26	--a------	C:\WINDOWS\CMCDPLAY.INI
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-03 12:37	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-03 11:28	---------	d-----w	C:\Program Files\Avira
2008-07-03 11:28	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-07-03 11:09	---------	d-----w	C:\Program Files\ZoneAlarmSB
2008-07-03 11:08	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-07-03 10:14	4,608	----a-w	C:\WINDOWS\system32\w95inf32.dll
2008-07-03 10:14	2,272	----a-w	C:\WINDOWS\system32\w95inf16.dll
2008-07-03 09:45	---------	d-----w	C:\Program Files\microsoft frontpage
2008-07-03 09:43	---------	d-----w	C:\Program Files\Usługi online
2001-01-11 07:02	794,624	----a-w	C:\WINDOWS\inf\OTHER\audio3d.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 07:26 7700480]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 07:26 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"nwiz"="nwiz.exe" [2007-04-19 07:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 11:24 1216512 C:\WINDOWS\mixer.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys [2003-08-12 16:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys [2006-05-25 17:28]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 14:33:00
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\familja\USTAWI~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Completion time: 2008-07-04 14:33:14
ComboFix-quarantined-files.txt  2008-07-04 12:33:12

Pre-Run: 46,075,584,512 bajtów wolnych
Post-Run: 46,343,852,032 bajtów wolnych

119

CatchMe
comment

Clean.

lkey1991
comment

So everything is OK??? If so, thanks for everything!!!!

CatchMe
comment

Everything is OK.
