Checking logs

alonso
created

Hijack


Guest
comment
O2 - BHO: LexlibPlugin - {1094613F-84B6-4131-AEC1-71DF88291044} - C:\WINDOWS\system32\pllib.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

Fix the entries above in HijackThis:

>> HijackThis >> scan (Do a system scan only) >> tick them >> Fix checked

Download ComboFix, but do not run it.

Paste into Notepad:

File::
C:\WINDOWS\system32\pllib.dll

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file.

The removal should start (and a log will be created). Post the log that is created during the removal.

If all goes well: after the restart, manually delete the folder C:\Qoobox.

alonso
comment

There is just one "but". I cannot put files in the Recycle Bin. When I grab a file with the "hand" and hover over the Recycle Bin, the file goes back to its place on the desktop. In the same way, I cannot move a file on the desktop to another spot.

Mateusz J.
comment

In that case, just create a log: http://www.forumpc.pl/index.php?showtopic=11018

Next we will use The Avenger, but I will give you the instructions after analysing the ComboFix log :)

alonso
comment
Mateusz J.
comment

Use The Avenger according to this description.

Script to paste:

Files to delete:
C:\WINDOWS\system32\pllib.dll
Folders to delete
C:\found.003

Finally, show the removal report.

alonso
comment
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error:  file "C:\WINDOWS\system32\pllib.dll" not found!
Deletion of file "C:\WINDOWS\system32\pllib.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error:  file "Folders to delete" not found!
Deletion of file "Folders to delete" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: "C:\found.003" is a folder, not a file!
Deletion of file "C:\found.003" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
  --> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Completed script processing.

*******************

Finished!  Terminate.
Mateusz J.
comment

Nothing was deleted.

Scan the computer with an online scanner (Kaspersky) and with SpyBot
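
Why the report above shows three failures, as an added example that is not part of the original thread: the pasted script has "Folders to delete" without its colon, so that line and the folder after it were processed as files. The function names are hypothetical, and treating a header as valid only when it ends with ":" is an assumption drawn from the hint printed in the report.

```python
import re

# Section headers that appear in this thread. Assumption of this example:
# a header counts only when it carries its trailing colon, as the hint in
# the report ('use "Folders to delete:"') implies.
HEADERS = ("Files to delete", "Folders to delete")

# The script as posted in the thread (line breaks restored).
POSTED_SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\pllib.dll
Folders to delete
C:\found.003
"""

# Excerpt of the report posted in the thread (line breaks restored).
POSTED_REPORT = r"""Error:  file "C:\WINDOWS\system32\pllib.dll" not found!
Deletion of file "C:\WINDOWS\system32\pllib.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error:  file "Folders to delete" not found!
Deletion of file "Folders to delete" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error: "C:\found.003" is a folder, not a file!
Deletion of file "C:\found.003" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
"""

FAILED = re.compile(
    r'Deletion of file "([^"]+)" failed!\s*Status: 0x[0-9a-fA-F]+ \((\w+)\)'
)


def _match_header(line):
    """Return (canonical header, has_colon) if the line names a section."""
    bare = line.rstrip(":").strip().lower()
    for header in HEADERS:
        if bare == header.lower():
            return header, line.endswith(":")
    return None, False


def lint_script(text):
    """Group entries by section and list lines that would be misread."""
    sections = {h: [] for h in HEADERS}
    problems = []
    current = None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header, has_colon = _match_header(line)
        if header and has_colon:
            current = header
            continue
        if current is None:
            problems.append((number, f'"{line}" comes before any section header'))
            continue
        if header:
            # Header text without ":" stays an ordinary entry of the open section.
            problems.append(
                (number, f'"{line}" lacks ":" and is read as an entry of "{current}:"')
            )
        sections[current].append(line)
    return sections, problems


def fix_script(text):
    """Add the missing colon to header lines, leave everything else alone."""
    fixed = []
    for raw in text.splitlines():
        header, has_colon = _match_header(raw.strip())
        fixed.append(f"{header}:" if header and not has_colon else raw)
    return "\n".join(fixed) + "\n"


def failed_targets(report):
    """Extract (target, status name) pairs for every failed deletion."""
    return FAILED.findall(report)


def diagnose(report):
    """Map each failed target to the most likely cause."""
    reasons = {}
    for target, status in failed_targets(report):
        header, _ = _match_header(target)
        if header:
            reasons[target] = 'section header without ":" was read as a file name'
        elif status == "STATUS_FILE_IS_A_DIRECTORY":
            reasons[target] = 'folder listed under "Files to delete:"'
        elif status == "STATUS_OBJECT_NAME_NOT_FOUND":
            reasons[target] = "no such file when the script ran"
        else:
            reasons[target] = status
    return reasons


if __name__ == "__main__":
    for line_no, message in lint_script(POSTED_SCRIPT)[1]:
        print(f"line {line_no}: {message}")
    for target, reason in diagnose(POSTED_REPORT).items():
        print(f"{target}: {reason}")
```

Of the three failures, only the pllib.dll one reflects the state of the disk; the other two come from the script's formatting.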

alonso
comment

Now it's probably OK

Mateusz J.
comment
Now it's probably OK
According to The Avenger, the files do not exist.

Show the ComboFix log again.

alonso
comment
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2008-09-18 19:48:07ComboFix-quarantined-files.txt  2008-09-18 17:48:00ComboFix2.txt  2008-09-15 14:00:37Przed: 1,997,217,792 bajt˘w wolnychPo: 1,994,829,824 bajt˘w wolnych202
