lukas355 created 16 December 2008

Here are my logs. Forum member dar55 told me to post them here in connection with this thread: http://www.forumpc.pl/index.php?showtopic=79132

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:18, on 2008-12-15
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226144624394
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C0650B-C429-49B0-812D-C94933CF9D71}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 6675 bytes

Mateusz J. comment 16 December 2008

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

Fix these; overall it is OK. Also show a log from ComboFix.

lukas355 comment 16 December 2008 (Author)

And the one from ComboFix:

ComboFix 08-12-09.03 - Łukasz 2008-12-16 19:00:36.3 - NTFSx86
Uruchomiony z: d:\program files\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-16 do 2008-12-16 )))))))))))))))))))))))))))))))
.
2008-12-16 18:39 . 2008-12-16 18:40 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-15 16:07 . 2008-12-15 16:09 <DIR> d-------- c:\windows\system32\CT2
2008-12-11 18:55 . 2008-12-11 18:55 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 13:23 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-08 17:00 . 2008-12-14 10:51 69 --a------ c:\windows\NeroDigital.ini
2008-12-04 15:48 . 2008-12-04 15:48 <DIR> d-------- c:\program files\SiSoftware
2008-12-02 17:45 . 2008-12-03 15:53 <DIR> d-------- c:\program files\HWiNFO32
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 17:49 --------- d-----w c:\program files\AutoConnect
2008-12-11 16:03 --------- d-----w c:\program files\neostrada tp
2008-12-11 12:37 --------- d-----w c:\program files\Winamp
2008-12-11 12:36 --------- d-----w c:\program files\xp-AntiSpy
2008-12-11 12:35 --------- d-----w c:\program files\Ares
2008-12-11 12:33 --------- d-----w c:\program files\AIMP2
2008-11-19 16:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 08:17 --------- d-----w c:\program files\lg_fwupdate
2008-11-11 12:49 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\Ahead
2008-11-10 17:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\LightScribe
2008-11-10 17:16 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-10 17:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-11-10 17:09 --------- d-----w c:\program files\Common Files\Ahead
2008-11-10 17:07 --------- d-----w c:\program files\Nero
2008-11-10 17:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-10 16:49 --------- d-----w c:\program files\CyberLink
2008-11-09 16:15 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\Media Player Classic
2008-11-09 16:01 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\CyberLink
2008-11-09 15:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-08 19:06 --------- d-----w c:\program files\Universal
2008-11-07 20:27 --------- d-----w c:\program files\Reference Assemblies
2008-10-21 15:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ScanSoft
2008-10-20 14:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-10-19 17:06 --------- d-----w c:\program files\MSXML 4.0
2008-10-18 19:37 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\Reallusion
2008-10-18 19:28 --------- d-----w c:\program files\Brother
2008-10-18 19:27 --------- d-----w c:\program files\Reallusion
2008-10-18 16:09 --------- d-----r c:\documents and settings\Łukasz\Dane aplikacji\Brother
2008-10-18 15:30 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\ScanSoft
2008-10-18 14:22 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\InstallShield
2008-10-18 14:17 --------- d-----w c:\program files\Nuance
2008-10-18 14:13 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-10-18 14:12 --------- d-----w c:\program files\ScanSoft
2008-10-18 14:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Brother
.
((((((((((((((((((((((((((((( snapshot@2008-12-11_18.01.25,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 13:46:46 2,137,600 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlmp.exe
+ 2008-08-14 13:46:58 2,059,008 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlpa.exe
+ 2008-08-14 13:46:44 2,017,280 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrpamp.exe
+ 2008-08-14 13:46:56 2,181,632 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntoskrnl.exe
+ 2008-08-14 13:40:50 2,144,256 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlmp.exe
+ 2008-08-14 13:40:59 2,064,256 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlpa.exe
+ 2008-08-14 13:40:43 2,022,400 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrpamp.exe
+ 2008-08-14 13:40:50 2,187,264 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntoskrnl.exe
+ 2008-08-14 13:26:24 2,146,816 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 13:26:28 2,067,328 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 13:26:21 2,025,472 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrpamp.exe
+ 2008-08-14 13:26:27 2,190,464 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntoskrnl.exe
+ 2008-08-14 13:57:26 2,146,816 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 17:27:30 2,067,328 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 13:57:25 2,025,472 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrpamp.exe
+ 2008-08-14 17:27:32 2,190,464 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:21:28 19,320 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\spmsg.dll
+ 2007-11-30 11:21:28 234,360 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\spuninst.exe
+ 2007-11-30 11:21:28 26,488 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\spcustom.dll
+ 2007-11-30 12:40:47 763,256 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\update.exe
+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\updspapi.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 310784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-04 1234712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2007-03-12 13:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 14:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-11-26 14:54 1057064 c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 20:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 22:17 52256 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2008-11-10 18:28 548864 c:\program files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-12-05 12:30 2295072 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 20:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 11:36 229376 d:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-19 14:59 1449984 d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-11-26 14:54 1629480 c:\program files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 18:58 81920 d:\progra~1\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 14:55 32768 c:\progra~1\NEOSTR~1\GestMAJ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092b2e70-84ce-11dd-a3d4-4d6564696130}]
\Shell\AutoRun\command - F:\e.cmd
\Shell\explore\Command - F:\e.cmd
\Shell\open\Command - F:\e.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {c:\program files\Messenger\msmsgs.exe - -
TCP: {A8C0650B-C429-49B0-812D-C94933CF9D71} = 194.204.159.1 217.98.63.164
FireFox -: Profile - c:\documents and settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\kzu6swyn.default\
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava13.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 19:07:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\avgrsstx.dll
.
Czas ukończenia: 2008-12-16 19:11:09
ComboFix-quarantined-files.txt 2008-12-16 18:10:57
ComboFix2.txt 2008-12-11 17:37:37
ComboFix3.txt 2008-12-11 17:03:20
Przed: 2 162 311 168 bajtów wolnych
Po: 2,152,599,552 bajtów wolnych
315 --- E O F --- 2008-11-07 00:20:11
Guest comment 17 December 2008
You have a "mess" in the registry... Paste into Notepad:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092b2e70-84ce-11dd-a3d4-4d6564696130}]
>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe --> Removal should start (and a log will be created).
Post the log that is created during the removal. If it goes well: after the restart, manually delete the folder C:\Qoobox.
lukas355 comment 17 December 2008 Author
ComboFix 08-12-09.03 - Łukasz 2008-12-17 14:47:56.4 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.9 [GMT 1:00]Uruchomiony z: d:\program files\ComboFix.exeUżyto następujących komend :: d:\program files\CFScript.txt * Utworzono nowy punkt przywracania.((((((((((((((((((((((((( Pliki utworzone od 2008-11-17 do 2008-12-17 ))))))))))))))))))))))))))))))).2008-12-16 19:31 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe2008-12-16 19:31 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf2008-12-16 18:39 . 2008-12-16 18:40 <DIR> d-------- c:\windows\system32\CatRoot22008-12-15 16:07 . 2008-12-15 16:09 <DIR> d-------- c:\windows\system32\CT22008-12-11 18:55 . 2008-12-11 18:55 <DIR> d-------- c:\program files\Trend Micro2008-12-11 13:23 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll2008-12-08 17:00 . 2008-12-14 10:51 69 --a------ c:\windows\NeroDigital.ini2008-12-04 15:48 . 2008-12-04 15:48 <DIR> d-------- c:\program files\SiSoftware2008-12-02 17:45 . 
2008-12-03 15:53 <DIR> d-------- c:\program files\HWiNFO32.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-12-17 13:03 --------- d-----w c:\program files\AutoConnect2008-12-11 16:03 --------- d-----w c:\program files\neostrada tp2008-12-11 12:37 --------- d-----w c:\program files\Winamp2008-12-11 12:36 --------- d-----w c:\program files\xp-AntiSpy2008-12-11 12:35 --------- d-----w c:\program files\Ares2008-12-11 12:33 --------- d-----w c:\program files\AIMP22008-11-19 16:54 --------- d--h--w c:\program files\InstallShield Installation Information2008-11-19 08:17 --------- d-----w c:\program files\lg_fwupdate2008-11-11 12:49 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\Ahead2008-11-10 17:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\LightScribe2008-11-10 17:16 --------- d-----w c:\program files\Common Files\LightScribe2008-11-10 17:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead2008-11-10 17:09 --------- d-----w c:\program files\Common Files\Ahead2008-11-10 17:07 --------- d-----w c:\program files\Nero2008-11-10 17:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero2008-11-10 16:49 --------- d-----w c:\program files\CyberLink2008-11-09 16:15 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\Media Player Classic2008-11-09 16:01 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\CyberLink2008-11-09 15:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink2008-11-08 19:06 --------- d-----w c:\program files\Universal2008-11-07 20:27 --------- d-----w c:\program files\Reference Assemblies2008-10-21 15:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ScanSoft2008-10-20 14:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help2008-10-19 17:06 --------- d-----w c:\program files\MSXML 4.02008-10-18 
19:37 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\Reallusion2008-10-18 19:28 --------- d-----w c:\program files\Brother2008-10-18 19:27 --------- d-----w c:\program files\Reallusion2008-10-18 16:09 --------- d-----r c:\documents and settings\Łukasz\Dane aplikacji\Brother2008-10-18 15:30 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\ScanSoft2008-10-18 14:22 --------- d-----w c:\documents and settings\Łukasz\Dane aplikacji\InstallShield2008-10-18 14:17 --------- d-----w c:\program files\Nuance2008-10-18 14:13 --------- d-----w c:\program files\Common Files\ScanSoft Shared2008-10-18 14:12 --------- d-----w c:\program files\ScanSoft2008-10-18 14:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Brother.((((((((((((((((((((((((((((( snapshot@2008-12-11_18.01.25,00 ))))))))))))))))))))))))))))))))))))))))).+ 2008-08-14 13:46:46 2,137,600 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlmp.exe+ 2008-08-14 13:46:58 2,059,008 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlpa.exe+ 2008-08-14 13:46:44 2,017,280 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrpamp.exe+ 2008-08-14 13:46:56 2,181,632 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntoskrnl.exe+ 2008-08-14 13:40:50 2,144,256 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlmp.exe+ 2008-08-14 13:40:59 2,064,256 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlpa.exe+ 2008-08-14 13:40:43 2,022,400 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrpamp.exe+ 2008-08-14 13:40:50 2,187,264 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntoskrnl.exe+ 2008-08-14 13:26:24 2,146,816 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlmp.exe+ 2008-08-14 13:26:28 2,067,328 ----a-w 
c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlpa.exe+ 2008-08-14 13:26:21 2,025,472 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrpamp.exe+ 2008-08-14 13:26:27 2,190,464 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntoskrnl.exe+ 2008-08-14 13:57:26 2,146,816 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlmp.exe+ 2008-08-14 17:27:30 2,067,328 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlpa.exe+ 2008-08-14 13:57:25 2,025,472 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrpamp.exe+ 2008-08-14 17:27:32 2,190,464 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntoskrnl.exe+ 2007-11-30 11:21:28 19,320 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\spmsg.dll+ 2007-11-30 11:21:28 234,360 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\spuninst.exe+ 2007-11-30 11:21:28 26,488 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\spcustom.dll+ 2007-11-30 12:40:47 763,256 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\update.exe+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\updspapi.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 310784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-04 
1234712][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=avgrsstx.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]--------- 2007-03-12 13:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]--------- 2007-01-26 14:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]--a------ 2006-06-15 11:36 229376 d:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]--a------ 2006-06-19 14:59 1449984 d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]--------- 2004-10-14 14:55 32768 c:\progra~1\NEOSTR~1\GestMAJ.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\AVG\\AVG8\\avgemc.exe"="c:\\Program Files\\AVG\\AVG8\\avgupd.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Ares\\Ares.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe"=[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"c:\program files\Common 
Files\LightScribe\LSRunOnce.exe"..------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: { - c:\program files\Messenger\msmsgs.exeIE: {c:\program files\Messenger\msmsgs.exe - -TCP: {A8C0650B-C429-49B0-812D-C94933CF9D71} = 194.204.159.1 217.98.63.164FireFox -: Profile - c:\documents and settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\kzu6swyn.default\FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava13.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPOJI610.dllFF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-17 14:54:52Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: **************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(504)c:\windows\system32\avgrsstx.dll- - - - - - - > 'lsass.exe'(628)c:\windows\system32\avgrsstx.dll.Czas ukończenia: 2008-12-17 14:58:09ComboFix-quarantined-files.txt 2008-12-17 13:57:57ComboFix2.txt 2008-12-16 18:11:16ComboFix3.txt 2008-12-11 17:37:37ComboFix4.txt 2008-12-11 17:03:20Przed: 2 114 502 656 bajtów wolnychPo: 2,105,077,760 bajtów wolnych167 --- E O F --- 2008-11-07 00:20:11
// Reminder: logs are to be posted inside CODE tags // djarta
Guest comment 17 December 2008
This log is clean now. Manually delete the folder C:\Qoobox and clean the computer with CCleaner. You can remove the copies of "viruses" from the "System Volume Information" folder by temporarily turning off "System Restore": > Control Panel > System > System Restore >> tick the box next to "Turn off System Restore on all drives" > Apply > OK. Afterwards you can go back to the previous setting (that is, untick the box). Use this program ---> Dr.WEB CureIt!.