Etro posted 17 August 2008

I described my problem here: http://www.forumpc.pl/index.php?showtopic=61363 and these are the logs from HijackThis. Please check them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:01, on 2008-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
I:\avast\aswUpdSv.exe
I:\avast\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
I:\avast\ashDisp.exe
H:\WINDOWS\vsnpstd.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\RALINK\Common\RaUI.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Maxthon2\Maxthon.exe
I:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919275
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - I:\mega manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] H:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iSUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] I:\avast\ashDisp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] rem H:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [snpstd] H:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrojanScanner] H:\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [LightScribe Control Panel] rem H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [GoD] rem "I:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Avi Player] rem "H:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [bitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 9251 bytes

//logs go in code tags, not quote tags //vocativus
Mateusz J. comment 17 August 2008

Step 1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919275
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

Run HijackThis. Click Do a system scan only. Tick the boxes next to the entries I listed above. Click Fix checked.

Step 2

Download ComboFix, but do not run it. Open Notepad and paste this into it:

Folder::
H:\Program Files\AskSBar
H:\Program Files\MyGlobalSearch

In Notepad, File menu ==> Save as ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture. The removal will start and a log will be created, which you post on the forum.

Step 3

Create a new HijackThis log and post it together with the log created in Step 2.

I would suggest changing your antivirus. But it is your decision what you consider better.
Etro (author) comment 17 August 2008

Thanks for the quick reply.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:09, on 2008-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
I:\avast\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
I:\avast\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\svchost.exe
I:\avast\ashMaiSv.exe
I:\avast\ashWebSv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\notepad.exe
H:\Program Files\Maxthon2\Maxthon.exe
I:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - I:\mega manager\MegaIEMn.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] H:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iSUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] rem H:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [snpstd] H:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrojanScanner] H:\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [LightScribe Control Panel] rem H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [GoD] rem "I:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Avi Player] rem "H:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [bitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7812 bytes

ComboFix:

ComboFix 08-08-17.01 - Administrator 2008-08-17 22:45:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2564 [GMT 2:00]
Running from: I:\ComboFix.exe
Command switches used :: I:\CFScript.txt
 * Created a new restore
default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LightScribe Control Panel"="rem" [X]"GoD"="rem" [X]"Avi Player"="rem" [X]"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2005-09-15 15:43 1712128]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]"BitTorrent DNA"="H:\Program Files\DNA\btdna.exe" [2008-07-21 20:28 289088][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Corel Photo Downloader"="rem" [X]"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50 33792]"ISUSPM Startup"="H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]"ISUSScheduler"="H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]"snpstd"="H:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]"StartCCC"="H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]"TrojanScanner"="H:\Trojan Remover\Trjscan.exe" [2008-07-30 15:00 909904]"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 H:\WINDOWS\RTHDCPL.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]Ralink Wireless Utility.lnk - H:\Program Files\RALINK\Common\RaUI.exe [2008-11-15 12:47:04 614400][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="I:\\BearShare\\BearShare.exe"="H:\\Program Files\\DNA\\btdna.exe"="J:\\TrackMania Nations 
ESWC\\TmNationsESWC.exe"="J:\\Wolfenstein - Enemy Territory\\ET.exe"="H:\\Program Files\\Gadu-Gadu\\gg.exe"="I:\\Vuze\\Azureus.exe"="H:\\Program Files\\Skype\\Phone\\Skype.exe"="H:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8461:TCP"= 8461:TCP:GoD High Port"8462:TCP"= 8462:TCP:GoD Low Port"4662:TCP"= 4662:TCP:TCP"4672:TCP"= 4672:TCP:UDPR0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);H:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]R1 aswSP;avast! Self Protection;H:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]R2 aswFsBlk;aswFsBlk;H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]R3 AtiHdmiService;ATI Function Driver for HDMI Service;H:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-11-14 21:48]R3 usbstor;Sterownik magazynu masowego USB;H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 01:08][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"H:\Program Files\Common Files\LightScribe\LSRunOnce.exe".- - - - ORPHANS REMOVED - - - -URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-17 22:48:11Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.H:\WINDOWS\system32\ati2evxx.exeI:\avast\aswUpdSv.exeH:\WINDOWS\system32\ati2evxx.exeI:\avast\ashServ.exeH:\Program Files\Common Files\LightScribe\LSSrvc.exeH:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeH:\WINDOWS\system32\PnkBstrA.exeH:\WINDOWS\system32\PSIService.exeH:\Program Files\Spyware Terminator\sp_rsser.exeH:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeH:\WINDOWS\system32\wdfmgr.exeI:\avast\ashMaiSv.exeI:\avast\ashWebSv.exeH:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeH:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeH:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeH:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe.**************************************************************************.Completion time: 2008-08-17 22:49:15 - machine was rebooted [Administrator]ComboFix-quarantined-files.txt 2008-08-17 20:49:12Pre-Run: 92,188,921,856 bajtów wolnychPost-Run: 93,612,908,544 bajt˘w wolnych316 --- E O F --- 2008-08-13 17:11:17
Guest, comment, 18 August 2008
In my opinion it is clean.
Manually delete the folder C:\Qoobox.
Delete the ComboFix installer from the disk.
Optimize the autostart.
Clean the computer with CCleaner.
Turn System Restore off and back on for all drives. Instructions
Scan the "My Computer" area at http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum, or use Dr.WEB CureIt!.

Etro (Author), comment, 18 August 2008
I did all of those things, and here is a link to the report: report

Mateusz J., comment, 18 August 2008
The report is on your computer, so we cannot see it that way. Paste the report into the forum, the same way you did with the logs.

Etro (Author), comment, 19 August 2008
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
19 sierpień 2008 18:14:08
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.1
Ostatnia aktualizacja Kaspersky Anti-Virus 19/08/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus 1111013
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer:
A:\ C:\ E:\ F:\ G:\ H:\ I:\ J:\ L:\
Statystyki skanowania:
Liczba skanowanych obiektów: 56852
Liczba wykrytych wirusów: 1
Liczba zainfekowanych obiektów: 1
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 00:14:37
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
H:\Documents and Settings\Administrator\Cookies\index.dat Object is locked pominięty
H:\Documents and Settings\Administrator\Dane aplikacji\MxBoost\data353.dat Object is locked pominięty
H:\Documents and Settings\Administrator\NTUSER.DAT Object is locked pominięty
H:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\bl.db Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\is2.db Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Identities\{5D757171-C8C3-4E84-9C77-9310D663A634}\Microsoft\Outlook Express\Folders.dbx Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Identities\{5D757171-C8C3-4E84-9C77-9310D663A634}\Microsoft\Outlook Express\Offline.dbx Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\MSHist012008081920080820\index.dat Object is locked pominięty
H:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
H:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty
H:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty
H:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
H:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
H:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
H:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
H:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
H:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
H:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
H:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
H:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
H:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
H:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
H:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\Perflib_Perfdata_5a0.dat Object is locked pominięty
H:\Program Files\Maxthon2\SharedAccount\Data\history2.dat Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked pominięty
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_54.trc Object is locked pominięty
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
H:\System Volume Information\_restore{9040028F-9DFC-40AE-B3F8-944C18B7856A}\RP105\change.log Object is locked pominięty
H:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
H:\WINDOWS\SchedLgU.Txt Object is locked pominięty
H:\WINDOWS\SoftwareDistribution\EventCache\{90F22B9F-9318-4AD5-B3D2-073BAD2F4D64}.bin Object is locked pominięty
H:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
H:\WINDOWS\Sti_Trace.log Object is locked pominięty
H:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
H:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
H:\WINDOWS\system32\config\ACEEvent.evt Object is locked pominięty
H:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
H:\WINDOWS\system32\config\default Object is locked pominięty
H:\WINDOWS\system32\config\default.LOG Object is locked pominięty
H:\WINDOWS\system32\config\SAM Object is locked pominięty
H:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
H:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
H:\WINDOWS\system32\config\SECURITY Object is locked pominięty
H:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
H:\WINDOWS\system32\config\software Object is locked pominięty
H:\WINDOWS\system32\config\software.LOG Object is locked pominięty
H:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
H:\WINDOWS\system32\config\system Object is locked pominięty
H:\WINDOWS\system32\config\system.LOG Object is locked pominięty
H:\WINDOWS\system32\h323log.txt Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
H:\WINDOWS\wiadebug.log Object is locked pominięty
H:\WINDOWS\wiaservc.log Object is locked pominięty
H:\WINDOWS\WindowsUpdate.log Object is locked pominięty
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
I:\Trend Micro\HijackThis\backups\backup-20080817-224115-534.dll Zainfekowanych: not-a-virus:WebToolbar.Win32.MyWebSearch.dh pominięty
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
J:\System Volume Information\_restore{9040028F-9DFC-40AE-B3F8-944C18B7856A}\RP105\change.log Object is locked pominięty
Proces skanowania został zakończony.

Guest, comment, 19 August 2008
Download ---> The Avenger
Paste this text into it:
Files to delete:
I:\Trend Micro\HijackThis\backups\backup-20080817-224115-534.dll
Copy it, click Paste Script from Clipboard, then Execute, then confirm and agree to the restart by clicking OK.
When it has finished, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt into the forum.

Etro (Author), comment, 19 August 2008
Done.
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at H:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "I:\Trend Micro\HijackThis\backups\backup-20080817-224115-534.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.