
Request to check a log

mln
created
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:48, on 2008-11-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
E:\Silkroad\sro_client.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.globalmuonline.com/game_notices2.php?id=337
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112408 serial=DR12CRF-2777169-WNH lang=EN
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7148 bytes

Guest
comment

I don't see anything in the log.

If you like, you can post a ComboFix log.

mln
comment
ComboFix 08-11-11.01 - mln 2008-11-12 15:34:37.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.943 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mln\Pulpit\ComboFix.exe
[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b]
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx
.
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-12 do 2008-11-12  )))))))))))))))))))))))))))))))
.
2008-11-12 13:07 . 2008-11-12 13:07	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-11-12 12:41 . 2008-11-12 14:25	<DIR>	d--------	c:\windows\system32\drivers\Avg
2008-11-12 12:41 . 2008-11-12 12:41	<DIR>	d--------	c:\program files\AVG
2008-11-12 12:41 . 2008-11-12 12:41	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\avg8
2008-11-12 12:41 . 2008-11-12 12:41	98,440	--a------	c:\windows\system32\drivers\avgldx86.sys
2008-11-12 12:41 . 2008-11-12 12:41	90,632	--a------	c:\windows\system32\drivers\avgtdix.sys
2008-11-12 12:41 . 2008-11-12 12:41	12,936	--a------	c:\windows\system32\drivers\avgrkx86.sys
2008-11-12 12:41 . 2008-11-12 12:41	10,520	--a------	c:\windows\system32\avgrsstx.dll
2008-11-12 11:34 . 2008-11-12 11:34	<DIR>	d--------	c:\documents and settings\mln\Dane aplikacji\AVGTOOLBAR
2008-11-09 14:07 . 2008-11-09 14:07	2,680	--a------	c:\windows\system32\sdbackup.reg
2008-11-09 13:35 . 2004-08-18 09:34	442,368	-ra------	c:\windows\system32\vp6vfw.dll
2008-11-06 12:38 . 2008-11-06 12:38	<DIR>	d--------	c:\documents and settings\silk\Dane aplikacji\Folder przesyłania Share-to-Web
2008-11-06 12:37 . 2008-11-12 15:37	<DIR>	d--h-----	c:\documents and settings\silk\Ustawienia lokalne
2008-11-06 12:37 . 2008-11-06 12:38	<DIR>	dr-------	c:\documents and settings\silk\Ulubione
2008-11-06 12:37 . 2007-10-28 22:07	<DIR>	d--h-----	c:\documents and settings\silk\Szablony
2008-11-06 12:37 . 2008-11-06 12:40	<DIR>	d--------	c:\documents and settings\silk\Pulpit
2008-11-06 12:37 . 2008-11-06 12:38	<DIR>	dr-------	c:\documents and settings\silk\Moje dokumenty
2008-11-06 12:37 . 2007-10-28 22:00	<DIR>	dr-------	c:\documents and settings\silk\Menu Start
2008-11-06 12:37 . 2008-11-06 12:40	<DIR>	dr-h-----	c:\documents and settings\silk\Dane aplikacji
2008-11-06 12:37 . 2008-11-12 12:41	<DIR>	d--------	c:\documents and settings\silk
2008-10-29 13:24 . 2008-10-29 13:24	444	--a------	c:\windows\system32\d3d8caps.dat
2008-10-28 16:56 . 2001-10-26 17:29	66,048	--a------	c:\windows\system32\s3legacy.dll
2008-10-28 16:56 . 2001-10-26 17:29	66,048	--a--c---	c:\windows\system32\dllcache\s3legacy.dll
2008-10-28 16:56 . 2001-08-17 21:57	65,664	--a------	c:\windows\system32\drivers\s3legacy.sys
2008-10-28 16:56 . 2001-08-17 21:57	65,664	--a--c---	c:\windows\system32\dllcache\s3legacy.sys
2008-10-14 10:42 . 2008-10-14 10:43	<DIR>	d--------	c:\program files\ALLPlayer
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:08	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\Skype
2008-11-12 13:13	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\foobar2000
2008-11-12 11:46	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\skypePM
2008-11-12 11:34	912,464	--sha-w	c:\windows\system32\drivers\fidbox.idx
2008-11-12 11:34	80,646,176	--sha-w	c:\windows\system32\drivers\fidbox.dat
2008-11-12 11:17	40,960	----a-w	c:\windows\Internet Logs\xDB37.tmp
2008-11-12 10:27	---------	d-----w	c:\program files\Common Files\Adobe
2008-11-12 09:48	---------	d-----w	c:\program files\KM Wakeup
2008-11-12 09:33	404,480	----a-w	c:\windows\Internet Logs\xDB36.tmp
2008-11-11 00:35	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\Azureus
2008-11-10 23:43	---------	d-----w	c:\program files\Total Video Converter
2008-11-07 11:35	---------	d-----w	c:\program files\Burn4Free
2008-11-07 10:59	---------	d-----w	c:\program files\Kliper
2008-11-07 09:42	526,848	----a-w	c:\windows\Internet Logs\xDB35.tmp
2008-11-03 23:01	---------	d-----w	c:\program files\Vuze
2008-11-01 09:31	---------	d-----w	c:\program files\Internet Download Manager
2008-11-01 09:31	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\IDM
2008-11-01 09:08	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\DMCache
2008-10-31 15:04	138,752	----a-w	c:\windows\Internet Logs\xDB34.tmp
2008-10-30 10:16	54,784	----a-w	c:\windows\Internet Logs\xDB33.tmp
2008-10-29 22:47	75,264	----a-w	c:\windows\Internet Logs\xDB32.tmp
2008-10-29 14:10	66,560	----a-w	c:\windows\Internet Logs\xDB31.tmp
2008-10-28 21:06	45,056	----a-w	c:\windows\Internet Logs\xDB30.tmp
2008-10-28 15:39	34,304	----a-w	c:\windows\Internet Logs\xDB2F.tmp
2008-10-28 15:09	43,520	----a-w	c:\windows\Internet Logs\xDB2E.tmp
2008-10-28 14:11	220,160	----a-w	c:\windows\Internet Logs\xDB2D.tmp
2008-10-26 06:20	377,856	----a-w	c:\windows\Internet Logs\xDB2C.tmp
2008-10-23 15:26	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\teamspeak2
2008-10-22 12:23	37,888	----a-w	c:\windows\Internet Logs\xDB2B.tmp
2008-10-22 11:02	267,776	----a-w	c:\windows\Internet Logs\xDB28.tmp
2008-10-22 11:02	2,230,272	----a-w	c:\windows\Internet Logs\xDB29.tmp
2008-10-22 11:01	2,230,272	----a-w	c:\windows\Internet Logs\xDB2A.tmp
2008-10-16 23:06	2,228,224	----a-w	c:\windows\Internet Logs\xDB27.tmp
2008-10-13 14:37	11,714,044	----a-w	c:\windows\Internet Logs\tvDebug.zip
2008-10-13 14:30	272,384	----a-w	c:\windows\Internet Logs\xDB26.tmp
2008-10-10 08:45	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\Corel
2008-10-07 16:16	476,672	----a-w	c:\windows\Internet Logs\xDB25.tmp
2008-10-07 15:24	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\InstallShield Installation Information
2008-10-06 19:24	---------	d-----w	c:\program files\MSBuild
2008-10-06 19:23	---------	d-----w	c:\program files\Reference Assemblies
2008-10-06 19:14	---------	d-----w	c:\program files\MSXML 6.0
2008-10-06 15:28	98,304	----a-w	c:\windows\system32CmdLineExt.dll
2008-09-30 19:21	712,192	----a-w	c:\windows\Internet Logs\xDB24.tmp
2008-09-29 15:30	21,840	----atw	c:\windows\system32\SIntfNT.dll
2008-09-29 15:30	17,212	----atw	c:\windows\system32\SIntf32.dll
2008-09-29 15:30	12,067	----atw	c:\windows\system32\SIntf16.dll
2008-09-29 08:44	---------	d-----w	c:\program files\Free Music Zilla
2008-09-27 22:09	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-09-25 12:26	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\AdobeUM
2008-09-23 15:27	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\FMZilla
2008-09-23 15:21	---------	d-----w	c:\documents and settings\mln\Dane aplikacji\Orbit
2008-09-18 18:24	319,488	----a-w	c:\windows\HideWin.exe
2008-09-18 18:24	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-09-18 18:24	---------	d-----w	c:\program files\Realtek
2008-09-17 23:03	209,408	----a-w	c:\windows\Internet Logs\xDB23.tmp
2008-09-16 11:35	752,128	----a-w	c:\windows\Internet Logs\xDB22.tmp
2008-09-15 18:11	---------	d-----w	c:\program files\NAPI-PROJEKT
2008-09-11 20:19	2,784,768	----a-w	c:\windows\Internet Logs\xDB21.tmp
2008-09-10 22:43	232,075	----a-w	c:\windows\Burn4Free_Toolbar_Uninstaller_7281.exe
2008-09-10 18:16	1,531,904	----a-w	c:\windows\Internet Logs\xDB20.tmp
2008-09-07 01:04	815,104	----a-w	c:\windows\Internet Logs\xDB1E.tmp
2008-09-07 01:04	2,130,432	----a-w	c:\windows\Internet Logs\xDB1F.tmp
2008-08-19 16:49	2,098,176	----a-w	c:\windows\Internet Logs\xDB1D.tmp
2008-08-19 16:49	194,048	----a-w	c:\windows\Internet Logs\xDB1C.tmp
2008-08-19 12:58	66,872	----a-w	c:\windows\system32\PnkBstrA.exe
2008-08-19 12:58	107,832	----a-w	c:\windows\system32\PnkBstrB.exe
2008-08-16 16:55	676,864	----a-w	c:\windows\Internet Logs\xDB1B.tmp
2008-01-21 14:24	1	----a-w	c:\documents and settings\mln\SI.bin
2007-12-04 11:08	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2004-08-03 23:44	413,696	--sh--w	c:\windows\system32\msvcp60.dll
2004-08-03 23:44	553,472	--sh--w	c:\windows\system32\oleaut32.dll
2004-08-03 23:44	12,288	--sh--w	c:\windows\system32\regsvr32.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-09-10 23:43	806912	--a------	c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-10 806912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-10 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 221056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
"Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-12 1235736]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\gry\\valve\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-12 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-12 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-12 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-12 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-12 231704]
S3 s3legacy;s3legacy;c:\windows\system32\DRIVERS\s3legacy.sys [2001-08-17 65664]

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGRKX86
*Newly Created Service* - AVGTDIX
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\mln\Dane aplikacji\Mozilla\Firefox\Profiles\hkowg6sg.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 15:37:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-12 15:39:21
ComboFix-quarantined-files.txt  2008-11-12 14:39:05
ComboFix2.txt  2008-04-08 19:37:58
Przed: 2,606,784,512 bajtów wolnych
Po: 6,070,632,448 bajtów wolnych
203
Mateusz J.
comment

Paste into Notepad:

Folder::
c:\windows\Internet Logs

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Drag the CFScript.txt file you created onto the ComboFix icon, as shown in the picture:

82650GIF.gif

After the restart, manually delete the folder C:\Qoobox.

What is the reason for checking the logs?
