Fisherek utworzono 17 września 2008 utworzono 17 września 2008 >Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:49:56, on 2008-09-17Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exeC:\Program Files\Ahead\InCD\InCD.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\lexpps.exeC:\Program Files\Gadu-Gadu\gg.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Alwil Software\Avast4\setup\avast.setupD:\Adrian\HJTI\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssbR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/pl/ýR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLLO2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dllO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLLO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pauseO4 - HKLM\..\Run: [Kalendarz2006] C:\Documents and Settings\śledż\Pulpit\Kalendarz2006\Kalendarz.exeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -hO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automountO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exeO4 - HKCU\..\Run: [TV Watcher] "D:\Adrian\TV Watcher\TV Watcher.exe" /aO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI699F~1\ZAINST~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{A30934BF-F2A2-45EC-B9C7-9FE0A2162DB4}: NameServer = 194.204.152.34O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exeO23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe--End of file - 8106 bytes .------- Skan uzupełniający -------.R0 -: HKCU-Main,Start Page = hxxp://google.daemonsearch.com/pl/ýR1 -: HKCU-Internet Connection Wizard,ShellNext = iexploreR1 -: HKCU-Internet Settings,ProxyServer = socks=R1 -: HKCU-Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%sO8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI699F~1\ZAINST~2\Office10\EXCEL.EXE/3000O17 -: HKLM\CCS\Interface\{A30934BF-F2A2-45EC-B9C7-9FE0A2162DB4}: NameServer = 194.204.152.34.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-17 22:58:55Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPIskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run Kalendarz2006 = C:\Documents and Settings\?led?\Pulpit\Kalendarz2006\Kalendarz.exe??????????????????????????y???????????????????y???????????????????y???????????????????y???????????????????????L???Q?7~????????y???I?Z??????????????????(8~????h???????,^???????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run PowerBar = ????????l?@?????????D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0??????????? ?????8~?????????????????OP?????M???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@ skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2008-09-17 22:59:57ComboFix-quarantined-files.txt 2008-09-17 20:59:54Przed: 3,809,378,304 bajt˘w wolnychPo: 5,810,094,080 bajt˘w wolnych160 --- E O F --- 2008-09-11 14:08:28
Mateusz J. komentarz 18 września 2008 komentarz 18 września 2008 Loga z ComboFix zrób jeszcze raz, bo ten co dałeś, to tylko jego mały kawałek.
Fisherek komentarz 18 września 2008 Autor komentarz 18 września 2008 ComboFix 08-09-16.05 - ˜ledľ 2008-09-17 22:55:54.1 - [b]FAT32[/b]x86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.244 [GMT 2:00]Uruchomiony z: C:\Documents and Settings\˜ledľ\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b].((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\moniczka.RODZICE\Cookies\moniczka@ehg-warnerbrothers.hitbox[2].txtC:\Documents and Settings\Uzytkownik\Dane aplikacji\Install.dat.((((((((((((((((((((((((( Pliki utworzone od 2008-08-17 do 2008-09-17 ))))))))))))))))))))))))))))))).2008-09-13 13:43 . 2001-08-17 20:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys2008-09-13 13:43 . 2001-08-17 20:13 27,165 --a------ C:\WINDOWS\system32\dllcache\fetnd5.sys2008-09-03 15:32 . 2008-09-03 15:32 <DIR> d-------- C:\Program Files\EuroPlus+ REWARD2008-09-03 15:32 . 2060-08-18 19:02 2,023,424 --------- C:\WINDOWS\system32\Vcl50.bpl2008-09-03 15:32 . 2060-08-18 19:02 1,496,064 --------- C:\WINDOWS\system32\Cc3250mt.dll2008-09-03 15:32 . 2060-08-18 18:40 909,824 --------- C:\WINDOWS\system32\Cp3245mt.dll2008-09-03 15:32 . 2060-08-18 19:02 248,832 --------- C:\WINDOWS\system32\Vclx50.bpl2008-09-03 15:32 . 2000-01-24 05:01 101,888 --------- C:\WINDOWS\system32\vcljpg50.bpl2008-09-03 15:31 . <DIR> C:\Documents and Settings\śledż\WINDOWS2008-08-30 14:06 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\Hide IP NG2008-08-29 11:16 . 2008-08-29 11:16 <DIR> d-------- C:\Documents and Settings\moniczka.RODZICE\Dane aplikacji\FDRLab2008-08-27 12:34 . 2008-08-27 12:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak2008-08-26 13:41 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\WebCompiler32008-08-26 00:35 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\FDRLab2008-08-26 00:22 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\concept design2008-08-26 00:22 . 2006-05-21 16:15 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll2008-08-26 00:22 . 2006-05-21 16:15 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll2008-08-26 00:22 . 2006-05-21 16:15 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll2008-08-26 00:22 . 2006-05-21 16:15 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll2008-08-26 00:22 . 2006-05-21 16:15 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll2008-08-26 00:22 . 2006-05-21 16:15 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll2008-08-26 00:22 . 2006-05-21 16:15 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll2008-08-21 22:37 . 2008-08-21 22:37 <DIR> d--hs---- C:\FOUND.006.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2060-08-18 16:40 24,064 ------w C:\WINDOWS\system32\Borlndmm.dll2008-09-16 21:43 1,138,688 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT2008-09-16 21:43 1,138,688 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT2008-07-31 12:13 --------- d-----w C:\Documents and Settings\kora\Dane aplikacji\Media Player Classic2008-07-30 19:46 --------- d-----w C:\Documents and Settings\moniczka.RODZICE\Dane aplikacji\Media Player Classic2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe2007-07-11 10:08 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys2007-07-11 10:08 56 --sh--r C:\WINDOWS\system32\D479C238B4.sys.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-15 964608]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 219008]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 266240][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]"SoundMan"="SOUNDMAN.EXE" [2003-08-05 C:\WINDOWS\SOUNDMAN.EXE]"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]C:\Documents and Settings\Adrian\Menu Start\Programy\Autostart\Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 118784]C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.l3codecp"= l3codecp.acm"VIDC.YV12"= yv12vfw.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-12-17 179968]*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90.- - - - USUNIĘTO PUSTE WPISY - - - -Toolbar-TempData - (no file)Toolbar-Order - (no file)HKCU-Run-TV Watcher - D:\Adrian\TV Watcher\TV Watcher.exeHKCU-Run-PowerBar - (no file)HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exeHKLM-Run-Kalendarz2006 - C:\Documents and Settings\śledż\Pulpit\Kalendarz2006\Kalendarz.exeHKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe.------- Skan uzupełniający -------.R0 -: HKCU-Main,Start Page = hxxp://google.daemonsearch.com/pl/ýR1 -: HKCU-Internet Connection Wizard,ShellNext = iexploreR1 -: HKCU-Internet Settings,ProxyServer = socks=R1 -: HKCU-Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%sO8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI699F~1\ZAINST~2\Office10\EXCEL.EXE/3000O17 -: HKLM\CCS\Interface\{A30934BF-F2A2-45EC-B9C7-9FE0A2162DB4}: NameServer = 194.204.152.34.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-17 22:58:55Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPIskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run Kalendarz2006 = C:\Documents and Settings\?led?\Pulpit\Kalendarz2006\Kalendarz.exe??????????????????????????y???????????????????y???????????????????y???????????????????y???????????????????????L???Q?7~????????y???I?Z??????????????????(8~????h???????,^???????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run PowerBar = ????????l?@?????????D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0??????????? ?????8~?????????????????OP?????M???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@ skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2008-09-17 22:59:57ComboFix-quarantined-files.txt 2008-09-17 20:59:54Przed: 3,809,378,304 bajt˘w wolnychPo: 5,810,094,080 bajt˘w wolnych160 --- E O F --- 2008-09-11 14:08:28
Mateusz J. komentarz 18 września 2008 komentarz 18 września 2008 O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) Fix w HijackThis. Do notatnika wklej: Folder::C:\FOUND.006 W notatniku zakladka Plik ==> Zapisz jako ==> zapisz pod nazwą CFScript.txt i zapisz go w tym katalogu co ściągnięty i zapisany został combofix Na ikonę ComboFix przeciągasz zrobiony plik CFScript.txt Tak jak na obrazku: Rozpocznie się usuwanie i powstanie log , który pokazujesz na forum. Jaki powód sprawdzania logów?
Fisherek komentarz 18 września 2008 Autor komentarz 18 września 2008 Powód sprawdzania logów jest taki kliknij a to są logi wygenerowane tak jak kazałeś: ComboFix 08-09-16.05 - ledľ 2008-09-18 21:57:47.2 - [b]FAT32[/b]x86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.264 [GMT 2:00]Uruchomiony z: C:\Documents and Settings\ledľ\Pulpit\ComboFix.exeCommand switches used :: C:\Documents and Settings\ledľ\Pulpit\CFScript.txt.txt * Utworzono nowy punkt przywracania[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b].((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).C:\FOUND.006C:\FOUND.006\FILE0000.CHKC:\FOUND.006\FILE0001.CHKC:\FOUND.006\FILE0002.CHKC:\FOUND.006\FILE0003.CHKC:\FOUND.006\FILE0004.CHKC:\FOUND.006\FILE0005.CHKC:\FOUND.006\FILE0006.CHK.((((((((((((((((((((((((( Pliki utworzone od 2008-08-18 do 2008-09-18 ))))))))))))))))))))))))))))))).2008-09-13 13:43 . 2001-08-17 20:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys2008-09-13 13:43 . 2001-08-17 20:13 27,165 --a------ C:\WINDOWS\system32\dllcache\fetnd5.sys2008-09-03 15:32 . 2008-09-03 15:32 <DIR> d-------- C:\Program Files\EuroPlus+ REWARD2008-09-03 15:32 . 2060-08-18 19:02 2,023,424 --------- C:\WINDOWS\system32\Vcl50.bpl2008-09-03 15:32 . 2060-08-18 19:02 1,496,064 --------- C:\WINDOWS\system32\Cc3250mt.dll2008-09-03 15:32 . 2060-08-18 18:40 909,824 --------- C:\WINDOWS\system32\Cp3245mt.dll2008-09-03 15:32 . 2060-08-18 19:02 248,832 --------- C:\WINDOWS\system32\Vclx50.bpl2008-09-03 15:32 . 2000-01-24 05:01 101,888 --------- C:\WINDOWS\system32\vcljpg50.bpl2008-09-03 15:31 . <DIR> C:\Documents and Settings\śledż\WINDOWS2008-08-30 14:06 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\Hide IP NG2008-08-29 11:16 . 2008-08-29 11:16 <DIR> d-------- C:\Documents and Settings\moniczka.RODZICE\Dane aplikacji\FDRLab2008-08-27 12:34 . 2008-08-27 12:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak2008-08-26 13:41 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\WebCompiler32008-08-26 00:35 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\FDRLab2008-08-26 00:22 . <DIR> C:\Documents and Settings\śledż\Dane aplikacji\concept design2008-08-26 00:22 . 2006-05-21 16:15 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll2008-08-26 00:22 . 2006-05-21 16:15 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll2008-08-26 00:22 . 2006-05-21 16:15 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll2008-08-26 00:22 . 2006-05-21 16:15 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll2008-08-26 00:22 . 2006-05-21 16:15 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll2008-08-26 00:22 . 2006-05-21 16:15 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll2008-08-26 00:22 . 2006-05-21 16:15 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2060-08-18 16:40 24,064 ------w C:\WINDOWS\system32\Borlndmm.dll2008-09-18 12:46 1,138,688 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT2008-09-18 12:46 1,138,688 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT2008-07-31 12:13 --------- d-----w C:\Documents and Settings\kora\Dane aplikacji\Media Player Classic2008-07-30 19:46 --------- d-----w C:\Documents and Settings\moniczka.RODZICE\Dane aplikacji\Media Player Classic2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe2007-07-11 10:08 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys2007-07-11 10:08 56 --sh--r C:\WINDOWS\system32\D479C238B4.sys.((((((((((((((((((((((((((((( snapshot@2008-09-17_22.59.21.84 ))))))))))))))))))))))))))))))))))))))))).+ 2008-09-18 16:47:08 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-15 964608]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 219008]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 266240][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]"SoundMan"="SOUNDMAN.EXE" [2003-08-05 C:\WINDOWS\SOUNDMAN.EXE]"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]C:\Documents and Settings\Adrian\Menu Start\Programy\Autostart\Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 118784]C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.l3codecp"= l3codecp.acm"VIDC.YV12"= yv12vfw.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-12-17 179968].- - - - USUNIĘTO PUSTE WPISY - - - -Toolbar-TempData - (no file)Toolbar-Order - (no file)**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-18 22:00:20Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPIskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2008-09-18 22:01:15ComboFix-quarantined-files.txt 2008-09-18 20:01:12ComboFix2.txt 2008-09-17 21:00:00Przed: 5,741,887,488 bajt˘w wolnychPo: 5,728,747,520 bajt˘w wolnych148 --- E O F --- 2008-09-11 14:08:28
Mateusz J. komentarz 19 września 2008 komentarz 19 września 2008 Log czysty. Usuń folder c:\QooBox Przeskanuj komputer skanerem online (Kaspersky).
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.