vuzi, posted 14 September 2008

Recently an icon has been popping up on my taskbar: "You have a seciurity problem!" I am pasting the logs from Hijack:

Guest, comment, 14 September 2008

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll (file missing)
O4 - HKCU\..\Run: [DbWinInfo] C:\WINDOWS\system32\vgzwlkxi.exe
O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

Fix the above entries in Hijack: >> Hijack >> scan (Do a system scan only) >> tick them >> Fix checked

Download ComboFix, but do not run it.

Paste into Notepad:

File::
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\vgzwlkxi.exe
C:\DOCUME~1\Adam\USTAWI~1\Temp\video1018.cfg.exe

Folder::
C:\Program Files\PC-Antispy

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file --> The removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well: after the restart, manually delete the C:\Qoobox folder.

vuzi (Author), comment, 14 September 2008

ComboFix log:

I deleted the C:\Qoobox folder.

Guest, comment, 14 September 2008

Paste into Notepad:

File::
C:\WINDOWS\.security
E:\NTGLM7X.sys
C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc\forafgvw.exe

Folder::
C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}
C:\Program Files\SAV
C:\Documents and Settings\All Users\Dane aplikacji\xsvchghc
C:\Recycled

DirLook::
C:\temp

Driver::
SetupNTGLM7X

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ldZvjyMc5z"=-

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file --> The removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well: after the restart, manually delete the C:\Qoobox folder.

vuzi (Author), comment, 14 September 2008

Done:
---- Directory of C:\temp ---- 2008-09-13 21:23 130 --a------ C:\temp\debug.txt 2008-09-02 16:10 219 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome.manifest 2008-09-02 16:10 115308 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome\su.jar 2008-09-02 13:30 1683 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\install.rdf 2008-08-29 17:38 162 --a------ C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\su.reg ------- Sigcheck ------- 2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll 2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll 2007-10-16 01:19 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys 2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe 2007-10-17 21:30 974848 16df8a100e8966e48ba00c86f6c89972 C:\WINDOWS\explorer.exe 2007-10-17 21:32 104448 64af31fd88f01255bd841aa9b2dd030f C:\WINDOWS\system32\wuauclt.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "DAEMON Tools Lite"="D:\Pobieranie\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "dscsetmnt"="C:\WINDOWS\system32\duzunsjm.exe" [2008-09-14 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920] "PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "RTHDCPL"="RTHDCPL.EXE" [2007-10-17 C:\WINDOWS\RTHDCPL.EXE] "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] "Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2007-10-09 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-07-31 835584] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] 
"VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^Adam^Menu Start^Programy^Autostart^.security] path=C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\.security backup=C:\WINDOWS\pss\.securityStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.security] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.security backup=C:\WINDOWS\pss\.securityCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 04:44 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-10-17 91520] R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-lphc56ej0e1f9 - C:\WINDOWS\system32\lphc56ej0e1f9.exe HKLM-Run-inrhc16ej0e1f9 - C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\.ttF.tmp.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-14 14:53:52 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Alwil Software\Avast4\Setup\avast.setup . 
**************************************************************************
.
Czas ukończenia: 2008-09-14 14:55:13 - komputer został uruchomiony ponownie [Adam]
ComboFix-quarantined-files.txt 2008-09-14 12:55:10
ComboFix2.txt 2008-09-14 11:51:41
Przed: 23,673,376,768 bajtów wolnych
Po: 23,632,162,816 bajtów wolnych
259
Guest, comment, 14 September 2008
In my opinion, it's clean.
Clean up the computer with CCleaner.
Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it in IE).
Post its report on the forum.