You have a security problem!

vuzi
created

Recently an icon has started popping up on my taskbar: "You have a security problem!"

I'm pasting the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:18:28, on 2008-09-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc\forafgvw.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

D:\Pobieranie\DAEMON Tools Lite\daemon.exe

C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\vgzwlkxi.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\DOCUME~1\Adam\USTAWI~1\Temp\c.exe

D:\Pobieranie\Opera\opera.exe

C:\DOCUME~1\Adam\USTAWI~1\Temp\Rar$EX00.390\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll

O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Pobieranie\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

O4 - HKCU\..\Run: [DbWinInfo] C:\WINDOWS\system32\vgzwlkxi.exe

O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Guest
comment
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll

O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll (file missing)

O4 - HKCU\..\Run: [DbWinInfo] C:\WINDOWS\system32\vgzwlkxi.exe

O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

Fix the entries listed above in HijackThis:

>> HijackThis >> scan (Do a system scan only) >> select them >> Fix checked

Download ComboFix, but do not run it.

Paste into Notepad:

File::
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\vgzwlkxi.exe
C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

Folder::
C:\Program Files\PC-Antispy

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe.

The removal should start (and a log will be created). Post the log that is created during the removal.

If all goes well: after the restart, manually delete the folder C:\Qoobox.

vuzi
comment

ComboFix log:

ComboFix 08-09-13.05 - Adam 2008-09-14 13:50:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1571 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\Adam\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Adam\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

C:\Program Files\Inet Delivery

C:\Program Files\Inet Delivery\inetdl.exe

C:\Program Files\Inet Delivery\intdel.exe

C:\Program Files\PC-Antispy

C:\Recycled\Recycled

C:\WINDOWS\a.bat

C:\WINDOWS\base64.tmp

C:\WINDOWS\bdn.com

C:\WINDOWS\FVProtect.exe

C:\WINDOWS\iTunesMusic.exe

C:\WINDOWS\mslagent

C:\WINDOWS\mslagent\2_mslagent.dll

C:\WINDOWS\mslagent\mslagent.exe

C:\WINDOWS\mslagent\uninstall.exe

C:\WINDOWS\mssecu.exe

C:\WINDOWS\system32\akttzn.exe

C:\WINDOWS\system32\anticipator.dll

C:\WINDOWS\system32\awtoolb.dll

C:\WINDOWS\system32\bdn.com

C:\WINDOWS\system32\blphc56ej0e1f9.scr

C:\WINDOWS\system32\bsva-egihsg52.exe

C:\WINDOWS\system32\dpcproxy.exe

C:\WINDOWS\system32\emesx.dll

C:\WINDOWS\system32\h@tkeysh@@k.dll

C:\WINDOWS\system32\hoproxy.dll

C:\WINDOWS\system32\hxiwlgpm.dat

C:\WINDOWS\system32\hxiwlgpm.exe

C:\WINDOWS\system32\lphc56ej0e1f9.exe

C:\WINDOWS\system32\medup012.dll

C:\WINDOWS\system32\medup020.dll

C:\WINDOWS\system32\msgp.exe

C:\WINDOWS\system32\msnbho.dll

C:\WINDOWS\system32\mssecu.exe

C:\WINDOWS\system32\msvchost.exe

C:\WINDOWS\system32\mtr2.exe

C:\WINDOWS\system32\mwin32.exe

C:\WINDOWS\system32\netode.exe

C:\WINDOWS\system32\newsd32.exe

C:\WINDOWS\system32\phc56ej0e1f9.bmp

C:\WINDOWS\system32\ps1.exe

C:\WINDOWS\system32\psof1.exe

C:\WINDOWS\system32\psoft1.exe

C:\WINDOWS\system32\regc64.dll

C:\WINDOWS\system32\regm64.dll

C:\WINDOWS\system32\Rundl1.exe

C:\WINDOWS\system32\smp

C:\WINDOWS\system32\smp\msrc.exe

C:\WINDOWS\system32\sncntr.exe

C:\WINDOWS\system32\ssurf022.dll

C:\WINDOWS\system32\ssvchost.com

C:\WINDOWS\system32\ssvchost.exe

C:\WINDOWS\system32\sysreq.exe

C:\WINDOWS\system32\taack.dat

C:\WINDOWS\system32\taack.exe

C:\WINDOWS\system32\temp#01.exe

C:\WINDOWS\system32\thun.dll

C:\WINDOWS\system32\thun32.dll

C:\WINDOWS\system32\VBIEWER.OCX

C:\WINDOWS\system32\vbsys2.dll

C:\WINDOWS\system32\vcatchpi.dll

C:\WINDOWS\system32\vgzwlkxi.exe

C:\WINDOWS\system32\winlogonpc.exe

C:\WINDOWS\system32\winsystem.exe

C:\WINDOWS\system32\WINWGPX.EXE

C:\WINDOWS\userconfig9x.dll

C:\WINDOWS\winsystem.exe

C:\WINDOWS\zip1.tmp

C:\WINDOWS\zip2.tmp

C:\WINDOWS\zip3.tmp

C:\WINDOWS\zipped.tmp

.

((((((((((((((((((((((((( Pliki utworzone od 2008-08-14 do 2008-09-14 )))))))))))))))))))))))))))))))

.

2008-09-13 20:54 . 2008-09-13 20:54 <DIR> d-------- C:\Documents and Settings\Adam\Phone Browser

2008-09-13 20:35 . 2008-09-13 20:35 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-09-13 19:22 . 2008-09-13 19:22 0 --ah----- C:\WINDOWS\.security

2008-09-13 19:16 . 2008-09-13 19:16 <DIR> d-------- C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}

2008-09-13 19:16 . 2008-09-13 20:38 <DIR> d-------- C:\temp

2008-09-13 19:16 . 2008-09-13 19:16 <DIR> d-------- C:\Program Files\SAV

2008-09-13 19:16 . 2008-09-13 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc

2008-09-10 19:44 . 2008-09-10 19:44 <DIR> d-------- C:\Program Files\Alwil Software

2008-09-08 17:36 . 2008-09-08 17:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-09-08 17:36 . 2008-09-08 19:21 <DIR> d-------- C:\Program Files\Wizard

2008-09-08 17:36 . 2008-09-08 17:36 <DIR> d-------- C:\Program Files\Common Files\grafa

2008-09-08 17:36 . 2008-09-08 17:36 <DIR> d-------- C:\Program Files\Common Files\Borland Shared

2008-09-07 15:16 . 2008-09-07 15:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-09-07 14:22 . 2008-09-07 14:22 <DIR> d-------- C:\Program Files\Vplayer

2008-09-07 14:22 . 2008-09-08 20:49 2,476 --a------ C:\WINDOWS\VPlayer.INI

2008-09-07 14:22 . 2008-09-08 20:49 88 --a------ C:\WINDOWS\VplayerINI.vpl

2008-09-06 19:57 . 2008-09-07 15:14 <DIR> d-------- C:\Program Files\AC3Filter

2008-09-05 16:47 . 2008-09-05 16:47 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Gadu-Gadu

2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\WINDOWS\ROSE Online Evolution

2008-09-02 16:43 . 2008-09-14 13:50 <DIR> dr-hs---- C:\Recycled

2008-09-01 15:25 . 2008-09-01 15:25 50 --a------ C:\WINDOWS\MegaManager.INI

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Megaupload

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\EmailNotifier

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Megaupload

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\EmailNotifier

2008-08-26 20:24 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-08-26 20:23 . 2008-08-26 20:23 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-26 20:23 . 2008-08-26 20:23 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-08-26 20:22 . 2008-08-26 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nokia

2008-08-26 20:18 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-08-26 20:18 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-08-26 20:18 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-08-26 20:18 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-08-26 20:18 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-08-26 20:17 . 2008-08-26 20:17 <DIR> d-------- C:\Program Files\Nokia

2008-08-26 20:17 . 2008-08-26 20:17 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-08-26 20:17 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys

2008-08-26 20:17 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys

2008-08-26 14:40 . 2008-08-26 14:40 <DIR> d-------- C:\Program Files\LucasArts

2008-08-26 14:30 . 2008-08-26 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe

2008-08-25 18:07 . 2008-08-25 18:07 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Nokia Multimedia Player

2008-08-25 07:43 . 2008-08-25 07:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-25 07:42 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-25 07:41 . 2008-08-25 07:41 <DIR> d-------- C:\Program Files\DIFX

2008-08-25 07:41 . 2008-08-25 07:41 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-08-25 07:41 . 2008-08-26 20:17 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-08-25 07:41 . 2008-08-25 07:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

2008-08-25 07:41 . 2008-08-25 07:41 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\PC Suite

2008-08-25 07:41 . 2008-08-26 20:25 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Nokia

2008-08-25 07:40 . 2008-08-25 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-25 07:40 . 2008-08-25 07:40 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-08-25 07:40 . 2008-08-26 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations

2008-08-25 07:40 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-08-25 07:40 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-08-25 07:40 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-25 07:40 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-08-25 07:40 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-08-25 07:40 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-08-24 14:03 . 2008-08-24 14:03 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\DivX

2008-08-24 14:01 . 2008-09-13 20:33 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Samsung

2008-08-24 14:00 . 2003-02-21 18:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-08-24 14:00 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-08-24 13:59 . 2008-09-14 09:23 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-08-24 13:59 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-08-24 13:59 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-08-24 13:57 . 2008-09-04 21:29 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-08-23 21:40 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-19 22:26 . 2008-09-07 15:14 <DIR> d-------- C:\Program Files\DivX

2008-08-19 22:19 . 2008-08-19 22:19 <DIR> d-------- C:\Program Files\The Playa

2008-08-19 22:19 . 2008-08-19 22:19 <DIR> d-------- C:\Program Files\DivXCodec

2008-08-19 22:11 . 2008-09-13 20:39 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-19 21:46 . 2008-08-19 21:46 <DIR> d-------- C:\Program Files\Common Files\LightScribe

2008-08-19 21:45 . 2008-08-26 14:30 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Ahead

2008-08-19 21:43 . 2008-08-19 21:43 <DIR> d-------- C:\Program Files\Nero

2008-08-19 21:43 . 2008-08-19 21:46 <DIR> d-------- C:\Program Files\Common Files\Ahead

2008-08-19 21:43 . 2008-08-19 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-08-19 19:27 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-08-19 19:27 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-08-19 19:26 . 2008-08-19 19:26 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

2008-08-18 18:25 . 2008-08-18 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink

2008-08-17 15:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-13 18:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-17 13:18 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-08-17 13:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2008-08-01 07:54 --------- d-----w C:\Program Files\Common Files\EasyInfo

2008-08-01 07:07 --------- d-----w C:\Program Files\VDOTool

2008-08-01 06:51 90,112 ----a-w C:\WINDOWS\DUMP6457.tmp

2008-07-31 19:19 --------- d-----w C:\Program Files\MSI

2008-07-31 19:07 --------- d-----w C:\Program Files\Intel

2008-07-31 19:00 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-31 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-31 18:51 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-31 18:51 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\DAEMON Tools

2008-07-31 18:25 --------- d-----w C:\Program Files\SAGEM WiFi manager

2008-07-31 18:24 --------- d-----w C:\Program Files\SAGEM

2008-07-31 12:17 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-25 08:34 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-07-25 08:34 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-07-25 08:34 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-07-25 08:34 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-07-25 08:34 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-07-25 08:34 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-07-25 08:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-07-25 08:34 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll

2007-10-16 01:19 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe

2007-10-17 21:30 974848 16df8a100e8966e48ba00c86f6c89972 C:\WINDOWS\explorer.exe

2007-10-17 21:32 104448 64af31fd88f01255bd841aa9b2dd030f C:\WINDOWS\system32\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"DAEMON Tools Lite"="D:\Pobieranie\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]

"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 C:\WINDOWS\RTHDCPL.EXE]

"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2007-10-09 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"ldZvjyMc5z"="C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc\forafgvw.exe" [2008-09-13 69632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-07-31 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Adam^Menu Start^Programy^Autostart^.security]

path=C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\.security

backup=C:\WINDOWS\pss\.securityStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.security]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.security

backup=C:\WINDOWS\pss\.securityCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 04:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-10-17 91520]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

*Newly Created Service* - PROCEXP90

.

- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

HKLM-Run-lphc56ej0e1f9 - C:\WINDOWS\system32\lphc56ej0e1f9.exe

HKLM-Run-inrhc16ej0e1f9 - C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\.tt9.tmp.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-14 13:51:16

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-09-14 13:51:40

ComboFix-quarantined-files.txt 2008-09-14 11:51:38

Przed: 23,597,260,800 bajtów wolnych

Po: 23,700,873,216 bajtów wolnych

303

I have deleted the C:\Qoobox folder.

Guest
comment

Paste into Notepad:

File::
C:\WINDOWS\.security
E:\NTGLM7X.sys
C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc\forafgvw.exe

Folder::
C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}
C:\Program Files\SAV
C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc
C:\Recycled

DirLook::
C:\temp

Driver::
SetupNTGLM7X

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ldZvjyMc5z"=-

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe.

The removal should start (and a log will be created). Post the log that is created during the removal.

If all goes well: after the restart, manually delete the folder C:\Qoobox.

vuzi
comment

Done:

ComboFix 08-09-13.05 - Adam 2008-09-14 14:51:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1580 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\Adam\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Adam\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc

C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc\forafgvw.exe

C:\Program Files\SAV

C:\Program Files\SAV\sav.ooo

C:\Program Files\SAV\sav0.dat

C:\Program Files\SAV\sav1.dat

C:\Recycled

C:\Recycled\desktop.ini

C:\Recycled\INFO2

C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}

C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome.manifest

C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome\su.jar

C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\install.rdf

C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\su.reg

C:\WINDOWS\.security

C:\WINDOWS\system32\blphc56ej0e1f9.scr

C:\WINDOWS\system32\lphc56ej0e1f9.exe

C:\WINDOWS\system32\phc56ej0e1f9.bmp

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SETUPNTGLM7X

-------\Service_SetupNTGLM7X

((((((((((((((((((((((((( Pliki utworzone od 2008-08-14 do 2008-09-14 )))))))))))))))))))))))))))))))

.

2008-09-14 14:14 . 2008-09-14 14:14 94,208 --a------ C:\WINDOWS\system32\duzunsjm.exe

2008-09-14 13:54 . 2008-09-14 13:54 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-09-14 13:54 . 2008-09-14 13:54 <DIR> d-------- C:\WINDOWS\srchasst

2008-09-14 13:54 . 2008-09-14 13:54 <DIR> d-------- C:\WINDOWS\msagent

2008-09-14 13:54 . 2008-09-14 13:54 <DIR> d-------- C:\Program Files\microsoft frontpage

2008-09-13 20:54 . 2008-09-13 20:54 <DIR> d-------- C:\Documents and Settings\Adam\Phone Browser

2008-09-13 20:35 . 2008-09-13 20:35 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-09-13 19:16 . 2008-09-14 14:51 <DIR> d-------- C:\temp

2008-09-10 19:44 . 2008-09-10 19:44 <DIR> d-------- C:\Program Files\Alwil Software

2008-09-08 17:36 . 2008-09-08 17:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-09-08 17:36 . 2008-09-08 19:21 <DIR> d-------- C:\Program Files\Wizard

2008-09-08 17:36 . 2008-09-08 17:36 <DIR> d-------- C:\Program Files\Common Files\grafa

2008-09-08 17:36 . 2008-09-08 17:36 <DIR> d-------- C:\Program Files\Common Files\Borland Shared

2008-09-07 15:16 . 2008-09-07 15:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-09-07 14:22 . 2008-09-07 14:22 <DIR> d-------- C:\Program Files\Vplayer

2008-09-07 14:22 . 2008-09-08 20:49 2,476 --a------ C:\WINDOWS\VPlayer.INI

2008-09-07 14:22 . 2008-09-08 20:49 88 --a------ C:\WINDOWS\VplayerINI.vpl

2008-09-06 19:57 . 2008-09-07 15:14 <DIR> d-------- C:\Program Files\AC3Filter

2008-09-05 16:47 . 2008-09-05 16:47 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Gadu-Gadu

2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\WINDOWS\ROSE Online Evolution

2008-09-01 15:25 . 2008-09-01 15:25 50 --a------ C:\WINDOWS\MegaManager.INI

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Megaupload

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\EmailNotifier

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Megaupload

2008-09-01 13:06 . 2008-09-01 13:06 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\EmailNotifier

2008-08-26 20:24 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-08-26 20:23 . 2008-08-26 20:23 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-26 20:23 . 2008-08-26 20:23 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-08-26 20:22 . 2008-08-26 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nokia

2008-08-26 20:18 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-08-26 20:18 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-08-26 20:18 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-08-26 20:18 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-08-26 20:18 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-08-26 20:17 . 2008-08-26 20:17 <DIR> d-------- C:\Program Files\Nokia

2008-08-26 20:17 . 2008-08-26 20:17 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-08-26 20:17 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys

2008-08-26 20:17 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys

2008-08-26 14:40 . 2008-08-26 14:40 <DIR> d-------- C:\Program Files\LucasArts

2008-08-26 14:30 . 2008-08-26 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe

2008-08-25 18:07 . 2008-08-25 18:07 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Nokia Multimedia Player

2008-08-25 07:43 . 2008-08-25 07:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-25 07:42 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-25 07:41 . 2008-08-25 07:41 <DIR> d-------- C:\Program Files\DIFX

2008-08-25 07:41 . 2008-08-25 07:41 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-08-25 07:41 . 2008-08-26 20:17 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-08-25 07:41 . 2008-08-25 07:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

2008-08-25 07:41 . 2008-08-25 07:41 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\PC Suite

2008-08-25 07:41 . 2008-08-26 20:25 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Nokia

2008-08-25 07:40 . 2008-08-25 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-25 07:40 . 2008-08-25 07:40 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-08-25 07:40 . 2008-08-26 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations

2008-08-25 07:40 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-08-25 07:40 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-08-25 07:40 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-25 07:40 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-08-25 07:40 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-08-25 07:40 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-08-24 14:03 . 2008-08-24 14:03 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\DivX

2008-08-24 14:01 . 2008-09-13 20:33 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Samsung

2008-08-24 14:00 . 2003-02-21 18:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-08-24 14:00 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-08-24 13:59 . 2008-09-14 09:23 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-08-24 13:59 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-08-24 13:59 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-08-24 13:57 . 2008-09-04 21:29 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-08-23 21:40 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-19 22:26 . 2008-09-07 15:14 <DIR> d-------- C:\Program Files\DivX

2008-08-19 22:19 . 2008-08-19 22:19 <DIR> d-------- C:\Program Files\The Playa

2008-08-19 22:19 . 2008-08-19 22:19 <DIR> d-------- C:\Program Files\DivXCodec

2008-08-19 22:11 . 2008-09-13 20:39 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-19 21:46 . 2008-08-19 21:46 <DIR> d-------- C:\Program Files\Common Files\LightScribe

2008-08-19 21:45 . 2008-08-26 14:30 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Ahead

2008-08-19 21:43 . 2008-08-19 21:43 <DIR> d-------- C:\Program Files\Nero

2008-08-19 21:43 . 2008-08-19 21:46 <DIR> d-------- C:\Program Files\Common Files\Ahead

2008-08-19 21:43 . 2008-08-19 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-08-19 19:27 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-08-19 19:27 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-08-19 19:26 . 2008-08-19 19:26 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

2008-08-18 18:25 . 2008-08-18 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink

2008-08-17 15:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-13 18:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-17 13:18 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-08-17 13:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2008-08-01 07:54 --------- d-----w C:\Program Files\Common Files\EasyInfo

2008-08-01 07:07 --------- d-----w C:\Program Files\VDOTool

2008-08-01 06:51 90,112 ----a-w C:\WINDOWS\DUMP6457.tmp

2008-07-31 19:19 --------- d-----w C:\Program Files\MSI

2008-07-31 19:07 --------- d-----w C:\Program Files\Intel

2008-07-31 19:00 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-31 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-31 18:51 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-31 18:51 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\DAEMON Tools

2008-07-31 18:25 --------- d-----w C:\Program Files\SAGEM WiFi manager

2008-07-31 18:24 --------- d-----w C:\Program Files\SAGEM

2008-07-31 12:17 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\temp ----

2008-09-13 21:23 130 --a------ C:\temp\debug.txt

2008-09-02 16:10 219 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome.manifest

2008-09-02 16:10 115308 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome\su.jar

2008-09-02 13:30 1683 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\install.rdf

2008-08-29 17:38 162 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\su.reg

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll

2007-10-16 01:19 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe

2007-10-17 21:30 974848 16df8a100e8966e48ba00c86f6c89972 C:\WINDOWS\explorer.exe

2007-10-17 21:32 104448 64af31fd88f01255bd841aa9b2dd030f C:\WINDOWS\system32\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"DAEMON Tools Lite"="D:\Pobieranie\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"dscsetmnt"="C:\WINDOWS\system32\duzunsjm.exe" [2008-09-14 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]

"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 C:\WINDOWS\RTHDCPL.EXE]

"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2007-10-09 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-07-31 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Adam^Menu Start^Programy^Autostart^.security]

path=C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\.security

backup=C:\WINDOWS\pss\.securityStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.security]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.security

backup=C:\WINDOWS\pss\.securityCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 04:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-10-17 91520]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-lphc56ej0e1f9 - C:\WINDOWS\system32\lphc56ej0e1f9.exe

HKLM-Run-inrhc16ej0e1f9 - C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\.ttF.tmp.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-14 14:53:52

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Alwil Software\Avast4\Setup\avast.setup

.

**************************************************************************

.

Czas ukończenia: 2008-09-14 14:55:13 - komputer został uruchomiony ponownie [Adam]

ComboFix-quarantined-files.txt 2008-09-14 12:55:10

ComboFix2.txt 2008-09-14 11:51:41

Przed: 23,673,376,768 bajtów wolnych

Po: 23,632,162,816 bajtów wolnych

259
