alonso, posted 15 September 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:18, on 2008-09-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: LexlibPlugin - {1094613F-84B6-4131-AEC1-71DF88291044} - C:\WINDOWS\system32\pllib.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "D:\Programy\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41566F53-11EC-4077-8258-865D4B4DA6B0}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8258 bytes

Guest, comment, 15 September 2008

O2 - BHO: LexlibPlugin - {1094613F-84B6-4131-AEC1-71DF88291044} - C:\WINDOWS\system32\pllib.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

Fix the above-mentioned entries in Hijack: >> Hijack >> scan (Do a system scan only) >> select them >> Fix checked

Download ComboFix, but do not run it.

Paste into Notepad:

File::
C:\WINDOWS\system32\pllib.dll

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file --> Removal should start (and a log will be created). Post the log that is created during removal.

If all goes well, then: after the restart, manually delete the folder C:\Qoobox.

alonso (Author), comment, 15 September 2008

There is just one catch. I cannot put files into the Recycle Bin. When I grab a file with the "hand" and hover over the Recycle Bin, the file returns to its place on the desktop. Likewise, I cannot move a file on the desktop to another place.

Mateusz J., comment, 15 September 2008

In that case, simply create a log: http://www.forumpc.pl/index.php?showtopic=11018

Next we will use The Avenger, but I will give you the instructions after analyzing the ComboFix log.

alonso (Author), comment, 15 September 2008

ComboFix 08-09-14.06 - Komputer 2008-09-15 15:55:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.292 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Komputer\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania

[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b]
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\youtubex.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-15 do 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-15 13:54 . 2008-09-15 13:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-15 13:54 . 2008-09-15 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-14 11:10 . 2008-09-15 09:34 <DIR> d-------- C:\Temp
2008-09-13 18:27 . 2008-09-13 18:33 <DIR> d-------- C:\tmpDownload
2008-09-10 20:29 . 2008-09-10 20:29 <DIR> d-------- C:\Program Files\Edgard Multimedia
2008-09-01 19:42 . 2008-09-01 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-31 23:01 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-31 22:58 . 2008-08-31 22:58 <DIR> d-------- C:\Program Files\Binboy
2008-08-31 19:27 . 2008-08-31 19:27 <DIR> d-------- C:\Program Files\Cream Software
2008-08-31 19:27 . 2008-08-31 19:33 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Cream Software
2008-08-31 18:34 . 2008-08-31 22:38 <DIR> d-------- C:\Program Files\HtmlList Html Editor
2008-08-26 16:05 . 2008-08-26 16:06 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\mIRC
2008-08-21 23:39 . 2008-08-21 23:39 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Babbel
2008-08-21 12:21 . 2008-08-21 12:21 <DIR> d-------- C:\Program Files\EA SPORTS
2008-08-21 12:21 . 2008-08-21 12:21 547 --a------ C:\WINDOWS\eReg.dat
2008-08-20 08:55 . 2008-08-20 08:55 <DIR> d--hs---- C:\found.003

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 13:56 --------- d-----w C:\Program Files\FlashGet
2008-09-15 13:54 --------- d-----w C:\Program Files\Neostrada TP
2008-09-09 16:55 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\AdobeUM
2008-08-30 11:07 --------- d-----w C:\Program Files\Synop 2.0
2008-08-22 10:34 --------- d-----w C:\Program Files\FM Modifier 2.2
2008-08-19 15:13 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\BearShare
2008-08-12 11:31 --------- d-----w C:\Program Files\rFactor
2008-08-07 17:56 --------- d-----w C:\Program Files\Real Alternative
2008-08-07 17:56 --------- d-----w C:\Program Files\QT Lite
2008-08-07 10:40 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-08-07 10:40 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-08-07 10:39 77,824 ----a-w C:\WINDOWS\system32\mmswitch.dll
2008-08-07 10:39 258,048 ----a-w C:\WINDOWS\system32\libFLAC.dll
2008-08-07 10:38 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-08-07 10:37 455,680 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-08-07 10:37 3,598,336 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-08-07 10:37 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-08-07 10:36 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-08-07 10:36 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-08-07 10:36 41,472 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-08-07 10:36 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-08-07 10:36 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-08-07 10:36 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-08-07 10:36 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-08-07 10:36 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-08-07 10:36 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-08-07 10:36 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-08-07 10:36 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-08-07 10:35 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-08-07 10:35 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-08-07 10:35 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-08-07 10:35 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-08-07 10:35 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-08-07 10:34 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-08-07 10:34 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-07 10:34 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-08-07 10:34 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-08-07 10:34 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-08-07 10:33 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-08-07 10:33 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-08-07 10:33 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-08-07 10:33 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-08-07 10:33 148,992 ----a-w C:\WINDOWS\system32\mkx.dll
2008-08-07 10:33 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-08-07 10:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-06 17:27 --------- d-----w C:\Program Files\AliveMedia
2008-08-06 17:16 --------- d-----w C:\Program Files\FDRLab
2008-08-03 12:21 --------- d-----w C:\Program Files\Google
2008-07-30 12:03 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Synop
2008-07-28 16:34 --------- d-----w C:\Program Files\Neat Image
2008-07-25 12:14 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-21 22:59 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Sports Interactive
2008-07-16 10:15 --------- d-----w C:\Program Files\Trend Micro
2008-07-15 16:46 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-15 16:45 --------- d-----w C:\Program Files\Opera
2008-07-15 16:45 --------- d-----w C:\Program Files\Codemasters
2008-07-15 10:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 09:05 --------- d-----w C:\Program Files\CyberLink
2006-06-29 14:45 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-19 68856]
"EdHTML"="C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe" [2003-03-24 1443328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 86016]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"C-Media Mixer"="Mixer.exe" [2006-06-29 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2005-02-24 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-06 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\BearShare\\BearShare.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Documents and Settings\\Komputer\\Pulpit\\FM08\\fm.exe"=
"D:\\Programy\\emule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
S3 SaiHFF04;SaiHFF04;C:\WINDOWS\system32\DRIVERS\SaiHFF04.sys [2006-08-08 182528]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);C:\WINDOWS\system32\DRIVERS\SaiIFF04.sys [2006-08-08 16512]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96fef781-4366-11dd-bb4c-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-ares - D:\Programy\Ares\Ares.exe

.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\wwp2iphu.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 15:59:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-15 16:00:36
ComboFix-quarantined-files.txt 2008-09-15 14:00:29

Przed: 1,223,827,456 bajtów wolnych
Po: 2,130,169,856 bajtów wolnych

178

Mateusz J., comment, 15 September 2008

Use The Avenger according to this description. Script to paste:

Files to delete:
C:\WINDOWS\system32\pllib.dll

Folders to delete
C:\found.003

Finally, show the removal report.

alonso (Author), comment, 15 September 2008

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\pllib.dll" not found!
Deletion of file "C:\WINDOWS\system32\pllib.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "Folders to delete" not found!
Deletion of file "Folders to delete" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: "C:\found.003" is a folder, not a file!
Deletion of file "C:\found.003" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Completed script processing.

*******************

Finished! Terminate.

Mateusz J., comment, 15 September 2008

Nothing was removed. Scan the computer with an online scanner (Kaspersky) and with SpyBot.

alonso (Author), comment, 15 September 2008

Now it is probably OK

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\pllib.dll" not found!
Deletion of file "C:\WINDOWS\system32\pllib.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "Folders to delete" not found!
Deletion of file "Folders to delete" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: "C:\found.003" is a folder, not a file!
Deletion of file "C:\found.003" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Completed script processing.

*******************

Finished! Terminate.

Mateusz J., comment, 15 September 2008

"Now it is probably OK"

According to The Avenger, the files do not exist. Show the ComboFix log again.

alonso (Author), comment, 18 September 2008

ComboFix 08-09-14.06 - Komputer 2008-09-18 19:43:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.239 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Komputer\Pulpit\ComboFix.exe

[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b]
.

((((((((((((((((((((((((( Pliki utworzone od 2008-08-18 do 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-17 19:03 . 2008-09-17 19:03 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-09-17 19:03 . 2008-09-17 19:07 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Nowe Gadu-Gadu
2008-09-15 17:25 . 2008-09-15 17:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 13:54 . 2008-09-15 13:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-15 13:54 . 2008-09-15 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-14 11:10 . 2008-09-15 09:34 <DIR> d-------- C:\Temp
2008-09-13 18:27 . 2008-09-13 18:33 <DIR> d-------- C:\tmpDownload
2008-09-10 20:29 . 2008-09-10 20:29 <DIR> d-------- C:\Program Files\Edgard Multimedia
2008-09-01 19:42 . 2008-09-01 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-31 23:01 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-31 22:58 . 2008-08-31 22:58 <DIR> d-------- C:\Program Files\Binboy
2008-08-31 19:27 . 2008-08-31 19:27 <DIR> d-------- C:\Program Files\Cream Software
2008-08-31 19:27 . 2008-08-31 19:33 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Cream Software
2008-08-31 18:34 . 2008-08-31 22:38 <DIR> d-------- C:\Program Files\HtmlList Html Editor
2008-08-26 16:05 . 2008-08-26 16:06 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\mIRC
2008-08-21 23:39 . 2008-08-21 23:39 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Babbel
2008-08-21 12:21 . 2008-08-21 12:21 <DIR> d-------- C:\Program Files\EA SPORTS
2008-08-21 12:21 . 2008-08-21 12:21 547 --a------ C:\WINDOWS\eReg.dat
2008-08-20 08:55 . 2008-08-20 08:55 <DIR> d--hs---- C:\found.003

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 16:06 --------- d-----w C:\Program Files\FlashGet
2008-09-18 15:03 --------- d-----w C:\Program Files\Neostrada TP
2008-09-09 16:55 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\AdobeUM
2008-08-30 11:07 --------- d-----w C:\Program Files\Synop 2.0
2008-08-22 10:34 --------- d-----w C:\Program Files\FM Modifier 2.2
2008-08-19 15:13 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\BearShare
2008-08-12 11:31 --------- d-----w C:\Program Files\rFactor
2008-08-07 17:56 --------- d-----w C:\Program Files\Real Alternative
2008-08-07 17:56 --------- d-----w C:\Program Files\QT Lite
2008-08-07 10:40 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-08-07 10:40 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-08-07 10:39 77,824 ----a-w C:\WINDOWS\system32\mmswitch.dll
2008-08-07 10:39 258,048 ----a-w C:\WINDOWS\system32\libFLAC.dll
2008-08-07 10:38 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-08-07 10:37 455,680 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-08-07 10:37 3,598,336 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-08-07 10:37 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-08-07 10:36 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-08-07 10:36 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-08-07 10:36 41,472 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-08-07 10:36 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-08-07 10:36 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-08-07 10:36 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-08-07 10:36 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-08-07 10:36 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-08-07 10:36 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-08-07 10:36 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-08-07 10:36 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-08-07 10:35 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-08-07 10:35 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-08-07 10:35 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-08-07 10:35 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-08-07 10:35 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-08-07 10:34 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-08-07 10:34 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-07 10:34 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-08-07 10:34 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-08-07 10:34 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-08-07 10:33 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-08-07 10:33 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-08-07 10:33 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-08-07 10:33 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-08-07 10:33 148,992 ----a-w C:\WINDOWS\system32\mkx.dll
2008-08-07 10:33 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-08-07 10:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-06 17:27 --------- d-----w C:\Program Files\AliveMedia
2008-08-06 17:16 --------- d-----w C:\Program Files\FDRLab
2008-08-03 12:21 --------- d-----w C:\Program Files\Google
2008-07-30 12:03 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Synop
2008-07-28 16:34 --------- d-----w C:\Program Files\Neat Image
2008-07-25 12:14 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-21 22:59 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Sports Interactive
2006-06-29 14:45 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-15_16.00.08.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 12:59:23 75,212 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 17:46:14 75,212 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-15 12:59:23 96,616 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-09-18 17:46:14 96,616 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-09-15 12:59:23 430,220 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 17:46:14 430,220 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-15 12:59:23 489,208 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-09-18 17:46:14 489,208 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2008-09-15 12:55:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_464.dat
+ 2008-09-16 16:49:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_464.dat
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-19 68856]
"EdHTML"="C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe" [2003-03-24 1443328]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-08-14 9929312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 86016]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"C-Media Mixer"="Mixer.exe" [2006-06-29 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2005-02-24 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-06 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\BearShare\\BearShare.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Documents and Settings\\Komputer\\Pulpit\\FM08\\fm.exe"=
"D:\\Programy\\emule\\emule.exe"=
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
S3 SaiHFF04;SaiHFF04;C:\WINDOWS\system32\DRIVERS\SaiHFF04.sys [2006-08-08 182528]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);C:\WINDOWS\system32\DRIVERS\SaiIFF04.sys [2006-08-08 16512]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96fef781-4366-11dd-bb4c-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\wwp2iphu.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 19:46:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2008-09-18 19:48:07ComboFix-quarantined-files.txt 2008-09-18 17:48:00ComboFix2.txt 2008-09-15 14:00:37Przed: 1,997,217,792 bajt˘w wolnychPo: 1,994,829,824 bajt˘w wolnych202