
Logs

lukas355

Here are my logs; forum member dar55 told me to post them here in connection with this topic: http://www.forumpc.pl/index.php?showtopic=79132


Mateusz J.
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

Fix these; overall it's OK.

Also show the log from ComboFix.

lukas355

And the one from ComboFix

Guest
comment

You have a "mess" in the registry...

Paste into Notepad:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092b2e70-84ce-11dd-a3d4-4d6564696130}]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file


Removal should start (and a log will be created). Post the log that is created during the removal.

If all goes well: after the restart, manually delete the C:\Qoobox folder.

lukas355
comment
ComboFix 08-12-09.03 - Łukasz 2008-12-17 14:47:56.4 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.9 [GMT 1:00]Uruchomiony z: d:\program files\ComboFix.exeUżyto następujących komend :: d:\program files\CFScript.txt * Utworzono nowy punkt przywracania.(((((((((((((((((((((((((   Pliki utworzone od 2008-11-17 do 2008-12-17  ))))))))))))))))))))))))))))))).2008-12-16 19:31 . 2003-06-25 16:05	266,360	--a------	c:\windows\system32\TweakUI.exe2008-12-16 19:31 . 2002-06-21 15:09	160,217	--a------	c:\windows\system32\PowerToysLicense.rtf2008-12-16 18:39 . 2008-12-16 18:40	<DIR>	d--------	c:\windows\system32\CatRoot22008-12-15 16:07 . 2008-12-15 16:09	<DIR>	d--------	c:\windows\system32\CT22008-12-11 18:55 . 2008-12-11 18:55	<DIR>	d--------	c:\program files\Trend Micro2008-12-11 13:23 . 2008-04-14 21:51	221,184	--a------	c:\windows\system32\wmpns.dll2008-12-08 17:00 . 2008-12-14 10:51	69	--a------	c:\windows\NeroDigital.ini2008-12-04 15:48 . 2008-12-04 15:48	<DIR>	d--------	c:\program files\SiSoftware2008-12-02 17:45 . 
2008-12-03 15:53	<DIR>	d--------	c:\program files\HWiNFO32.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-12-17 13:03	---------	d-----w	c:\program files\AutoConnect2008-12-11 16:03	---------	d-----w	c:\program files\neostrada tp2008-12-11 12:37	---------	d-----w	c:\program files\Winamp2008-12-11 12:36	---------	d-----w	c:\program files\xp-AntiSpy2008-12-11 12:35	---------	d-----w	c:\program files\Ares2008-12-11 12:33	---------	d-----w	c:\program files\AIMP22008-11-19 16:54	---------	d--h--w	c:\program files\InstallShield Installation Information2008-11-19 08:17	---------	d-----w	c:\program files\lg_fwupdate2008-11-11 12:49	---------	d-----w	c:\documents and settings\Łukasz\Dane aplikacji\Ahead2008-11-10 17:29	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\LightScribe2008-11-10 17:16	---------	d-----w	c:\program files\Common Files\LightScribe2008-11-10 17:10	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Ahead2008-11-10 17:09	---------	d-----w	c:\program files\Common Files\Ahead2008-11-10 17:07	---------	d-----w	c:\program files\Nero2008-11-10 17:07	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Nero2008-11-10 16:49	---------	d-----w	c:\program files\CyberLink2008-11-09 16:15	---------	d-----w	c:\documents and settings\Łukasz\Dane aplikacji\Media Player Classic2008-11-09 16:01	---------	d-----w	c:\documents and settings\Łukasz\Dane aplikacji\CyberLink2008-11-09 15:59	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\CyberLink2008-11-08 19:06	---------	d-----w	c:\program files\Universal2008-11-07 20:27	---------	d-----w	c:\program files\Reference Assemblies2008-10-21 15:21	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\ScanSoft2008-10-20 14:24	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help2008-10-19 17:06	---------	d-----w	c:\program files\MSXML 
4.02008-10-18 19:37	---------	d-----w	c:\documents and settings\Łukasz\Dane aplikacji\Reallusion2008-10-18 19:28	---------	d-----w	c:\program files\Brother2008-10-18 19:27	---------	d-----w	c:\program files\Reallusion2008-10-18 16:09	---------	d-----r	c:\documents and settings\Łukasz\Dane aplikacji\Brother2008-10-18 15:30	---------	d-----w	c:\documents and settings\Łukasz\Dane aplikacji\ScanSoft2008-10-18 14:22	---------	d-----w	c:\documents and settings\Łukasz\Dane aplikacji\InstallShield2008-10-18 14:17	---------	d-----w	c:\program files\Nuance2008-10-18 14:13	---------	d-----w	c:\program files\Common Files\ScanSoft Shared2008-10-18 14:12	---------	d-----w	c:\program files\ScanSoft2008-10-18 14:09	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Brother.(((((((((((((((((((((((((((((   snapshot@2008-12-11_18.01.25,00   ))))))))))))))))))))))))))))))))))))))))).+ 2008-08-14 13:46:46	2,137,600	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlmp.exe+ 2008-08-14 13:46:58	2,059,008	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlpa.exe+ 2008-08-14 13:46:44	2,017,280	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrpamp.exe+ 2008-08-14 13:46:56	2,181,632	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntoskrnl.exe+ 2008-08-14 13:40:50	2,144,256	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlmp.exe+ 2008-08-14 13:40:59	2,064,256	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlpa.exe+ 2008-08-14 13:40:43	2,022,400	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrpamp.exe+ 2008-08-14 13:40:50	2,187,264	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntoskrnl.exe+ 2008-08-14 13:26:24	2,146,816	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlmp.exe+ 2008-08-14 13:26:28	2,067,328	----a-w	
c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlpa.exe+ 2008-08-14 13:26:21	2,025,472	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrpamp.exe+ 2008-08-14 13:26:27	2,190,464	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntoskrnl.exe+ 2008-08-14 13:57:26	2,146,816	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlmp.exe+ 2008-08-14 17:27:30	2,067,328	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlpa.exe+ 2008-08-14 13:57:25	2,025,472	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrpamp.exe+ 2008-08-14 17:27:32	2,190,464	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntoskrnl.exe+ 2007-11-30 11:21:28	19,320	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\spmsg.dll+ 2007-11-30 11:21:28	234,360	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\spuninst.exe+ 2007-11-30 11:21:28	26,488	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\spcustom.dll+ 2007-11-30 12:40:47	763,256	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\update.exe+ 2008-07-09 07:57:23	398,200	----a-w	c:\windows\SDOLD\Download\e0f2b4f68b88b3164335825c2ea24f7a\update\updspapi.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 310784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-04 
1234712][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=avgrsstx.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]--------- 2007-03-12 13:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]--------- 2007-01-26 14:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]--a------ 2006-06-15 11:36 229376 d:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]--a------ 2006-06-19 14:59 1449984 d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]--------- 2004-10-14 14:55 32768 c:\progra~1\NEOSTR~1\GestMAJ.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\AVG\\AVG8\\avgemc.exe"="c:\\Program Files\\AVG\\AVG8\\avgupd.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Ares\\Ares.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe"=[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"c:\program files\Common 
Files\LightScribe\LSRunOnce.exe"..------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: { - c:\program files\Messenger\msmsgs.exeIE: {c:\program files\Messenger\msmsgs.exe -  -TCP: {A8C0650B-C429-49B0-812D-C94933CF9D71} = 194.204.159.1 217.98.63.164FireFox -: Profile - c:\documents and settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\kzu6swyn.default\FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dllFF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava13.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dllFF -: plugin - c:\program files\Mozilla Firefox\plugins\NPOJI610.dllFF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-17 14:54:52Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: **************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(504)c:\windows\system32\avgrsstx.dll- - - - - - - > 'lsass.exe'(628)c:\windows\system32\avgrsstx.dll.Czas ukończenia: 2008-12-17 14:58:09ComboFix-quarantined-files.txt  2008-12-17 13:57:57ComboFix2.txt  2008-12-16 18:11:16ComboFix3.txt  2008-12-11 17:37:37ComboFix4.txt  2008-12-11 17:03:20Przed: 2 114 502 656 bajtów wolnychPo: 2,105,077,760 bajtów wolnych167	--- E O F ---	2008-11-07 00:20:11

// A reminder that logs go inside CODE tags ;)

// djarta

Guest
comment

This log is clean now.

Manually delete the C:\Qoobox folder,

Clean the computer with CCleaner

You can remove copies of the "viruses" from the "System Volume Information" folder by temporarily turning off "System Restore":

>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.

Afterwards you can go back to the previous setting (that is, untick the box).

Use this program ---> Dr.WEB CureIt!.
