dziew993 created 11 January 2009

this is from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:39, on 2009-01-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adsoftinc - {cc8d453b-939c-8c92-e07e-41c3e6d0bfa6} - C:\WINDOWS\system32\nsn3ED.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Nowy folder (2)\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] E:\NOWYFO~2\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [iPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 7582 bytes

and this is from ComboFix

ComboFix 09-01-10.03 - OEM 2009-01-11 22:33:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1612 [GMT 1:00]
Uruchomiony z: c:\documents and settings\OEM\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\OEM\Dane aplikacji\EurekaLog
c:\documents and settings\OEM\Menu Start\Programy\Autostart\ppcb_32.lnk
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\ecobar.dll
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\tbhelper.dll
c:\program files\IEToolbar\ECO Bar\uninstall.exe
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]1F1D03F.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]1F1D2FE.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]1F1D501.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]4E88A70
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\p2pmax
c:\program files\p2pmax\p2pmax.exe
c:\program files\p2pmax\p2pmaxu.exe
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\windows\gncyq5.exe
c:\windows\IE4 Error Log.txt
c:\windows\nohh06760.exe
c:\windows\system32\_jekjvmjaxs.dll
c:\windows\system32\jekjvmjaxs.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-11 do 2009-01-11 )))))))))))))))))))))))))))))))
.
2009-01-11 18:51 . 2009-01-11 18:51 <DIR> d-------- c:\windows\speech
2009-01-11 18:51 . 2009-01-11 18:51 <DIR> d-------- c:\program files\ivo
2009-01-10 13:08 . 2009-01-10 13:08 <DIR> d-------- c:\program files\ipla
2009-01-08 22:13 . 2009-01-08 22:13 53 --a------ c:\windows\DelToolbox.bat
2009-01-06 18:38 . 2009-01-06 18:38 680,448 --a------ c:\windows\system32\nsn3ED.dll
2009-01-03 00:17 . 2009-01-10 12:52 <DIR> d-------- c:\documents and settings\OEM\Dane aplikacji\skypePM
2009-01-03 00:17 . 2009-01-03 00:17 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-03 00:13 . 2009-01-10 13:00 <DIR> d-------- c:\program files\Skype
2009-01-03 00:13 . 2009-01-10 13:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-02 20:26 . 2009-01-02 20:26 <DIR> d-------- c:\documents and settings\OEM\WapSter
2009-01-01 19:38 . 2009-01-11 18:59 <DIR> d-------- c:\program files\runit
2009-01-01 19:38 . 2009-01-01 19:38 196,444 --a------ c:\windows\pn8.exe
2009-01-01 19:38 . 2009-01-01 19:38 69,531 --a------ c:\windows\hw5305.exe
2009-01-01 19:38 . 2009-01-01 19:38 16,384 --a------ c:\windows\wuan364443.exe
2009-01-01 19:38 . 2009-01-01 19:38 16,384 --a------ c:\windows\gbg033414.exe
2009-01-01 19:38 . 2009-01-01 19:38 16,384 --a------ c:\windows\feoc827.exe
2009-01-01 19:37 . 2009-01-01 19:38 905,544 --a------ c:\windows\ykgee3362.exe
2009-01-01 19:37 . 2009-01-09 20:22 85,293 --a------ c:\windows\system32\cont_adsoftinc-remove.exe
2009-01-01 19:37 . 2009-01-01 19:37 56,333 --a------ c:\windows\c20232.exe
2009-01-01 19:37 . 2009-01-01 19:37 47,577 --a------ c:\windows\system32\dkxkolutgsf.exe
2009-01-01 19:37 . 2009-01-01 19:37 16,384 --a------ c:\windows\vtj708346.exe
2009-01-01 19:37 . 2009-01-01 19:37 16,384 --a------ c:\windows\o255.exe
2009-01-01 19:37 . 2009-01-01 19:37 16,384 --a------ c:\windows\gu58826.exe
2009-01-01 13:03 . 2009-01-08 22:12 <DIR> d-------- c:\documents and settings\OEM\Dane aplikacji\Samsung
2008-12-31 19:30 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-12-31 19:30 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-12-31 19:28 . 2008-12-31 19:28 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-12-31 19:28 . 2008-12-31 19:28 <DIR> d-------- c:\program files\Samsung
2008-12-31 19:28 . 2007-05-02 11:11 109,704 --a------ c:\windows\system32\drivers\ss_mdm.sys
2008-12-31 19:28 . 2007-05-02 11:11 83,592 --a------ c:\windows\system32\drivers\ss_bus.sys
2008-12-31 19:28 . 2007-05-02 11:11 15,112 --a------ c:\windows\system32\drivers\ss_mdfl.sys
2008-12-31 19:28 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_whnt.sys
2008-12-31 19:28 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_wh.sys
2008-12-31 19:28 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cmnt.sys
2008-12-31 19:28 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cm.sys
2008-12-31 19:28 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-12-31 19:27 . 2009-01-06 21:47 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-26 20:57 . 2008-12-26 20:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\1E31C
2008-12-26 20:55 . 2008-12-26 21:06 <DIR> d-------- c:\program files\BearShare Applications
2008-12-26 20:55 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-12-23 10:27 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-23 10:26 . 2008-12-23 10:26 <DIR> d-------- c:\program files\MSBuild
2008-12-23 10:26 . 2008-12-23 10:26 <DIR> d-------- c:\program files\Microsoft Works
2008-12-23 10:24 . 2008-12-23 10:26 <DIR> d-------- c:\windows\SHELLNEW
2008-12-23 10:23 . 2008-12-23 10:23 <DIR> dr-h----- C:\MSOCache
2008-12-23 10:23 . 2008-12-23 10:27 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-21 12:52 . 2008-12-21 14:32 <DIR> d-------- c:\program files\AVIConverter
2008-12-19 21:24 . 2009-01-10 13:08 <DIR> d-------- c:\documents and settings\OEM\Dane aplikacji\ipla
2008-12-19 21:24 . 2008-12-19 21:24 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla
2008-12-19 21:24 . 2008-12-19 21:24 1,060,864 --a------ c:\windows\system32\mfc71.dll
2008-12-12 12:12 . 2008-12-12 12:12 <DIR> d-------- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 21:29 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-11 17:59 --------- d-----w c:\program files\PC Tools AntiVirus
2009-01-10 11:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 20:49 --------- d-----w c:\documents and settings\OEM\Dane aplikacji\uTorrent
2008-12-29 00:22 --------- d-----w c:\program files\Java
2008-12-21 15:59 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-09 18:57 --------- d-----w c:\program files\NAPI-PROJEKT
2008-12-08 17:22 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-07 12:50 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Ahead
2008-12-07 12:47 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\DivX
2008-12-07 12:42 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\PC Tools
2008-12-05 16:15 --------- d-----w c:\program files\Rockstar Games
2008-12-02 14:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-02 14:38 --------- d-----w c:\documents and settings\OEM\Dane aplikacji\Corel
2008-12-02 14:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2008-11-22 22:30 --------- d-----w c:\program files\Electronic Arts
2008-11-22 13:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 12:18 --------- d-----w c:\program files\Alcohol Soft
2008-11-22 12:08 --------- d-----w c:\program files\D-Tools
2008-11-22 12:04 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-22 11:58 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-22 11:58 --------- d-----w c:\documents and settings\OEM\Dane aplikacji\DAEMON Tools
2008-11-21 19:28 --------- d-----w c:\documents and settings\OEM\Dane aplikacji\Winamp
2008-11-21 18:16 --------- d-----w c:\documents and settings\OEM\Dane aplikacji\Ahead
2008-11-21 18:06 --------- d-----w c:\program files\Common Files\Ahead
2008-11-21 18:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-11-21 18:04 --------- d-----w c:\program files\Nero
2008-11-21 18:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-21 13:57 442,368 ----a-r c:\windows\system32\vp6vfw.dll
2008-11-20 15:51 --------- d-----w c:\program files\Starbreeze Studios
2008-11-19 21:32 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-15 21:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2008-11-15 21:23 --------- d-----w c:\documents and settings\OEM\Dane aplikacji\Ulead Systems
2008-11-15 21:21 --------- d-----w c:\program files\Windows Media Components
2008-11-15 21:21 --------- d-----w c:\program files\Common Files\InterVideo
2008-11-15 17:36 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-15 17:36 --------- d-----w c:\program files\Real
2008-11-15 17:36 --------- d-----w c:\program files\Common Files\xing shared
2008-11-15 17:36 --------- d-----w c:\program files\Common Files\Real
2008-11-11 20:18 3,006 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-08 20:07 8,218,784 ----a-w C:\Firefox Setup 3.0.3.exe
2008-11-06 20:10 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:02 668,672 ----a-w c:\windows\system32\wininet.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2009-01-06 17:38 651,776 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll

.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc8d453b-939c-8c92-e07e-41c3e6d0bfa6}]
2009-01-06 18:38 680448 --a------ c:\windows\system32\nsn3ED.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"AQQ"="e:\nowyfo~2\WAPSTE~1\AQQ.exe" [2008-12-22 1656832]
"IPLA!"="c:\program files\ipla\ipla.exe" [2008-12-23 2794232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-01-08 1370000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-15 185872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="e:\nowy folder (2)\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\eMule\\eMule.exe"=
"e:\\Nowy folder (2)\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Nowy folder (2)\\WapSter AQQ\\AQQ.exe"=

R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [2003-03-09 102336]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec
*Deregistered* - mchInjDrv
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{E5C82C2B-84CC-FC31-B200-AF355CB53EC6} - c:\windows\system32\jekjvmjaxs.dll
HKCU-Run-Expressivo - e:\nowy folder (2)\Expressivo Demo\expressivo.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-BearShare - e:\nowy folder (2)\BearShare.exe

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\OEM\Dane aplikacji\Mozilla\Firefox\Profiles\2luatfjc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: e:\nowy folder (2)\Reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 22:35:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(876)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(796)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Czas ukończenia: 2009-01-11 22:35:48
ComboFix-quarantined-files.txt 2009-01-11 21:35:42

Przed: 13 487 874 048 bajtów wolnych
Po: 13,767,053,312 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

263 --- E O F --- 2008-12-19 02:00:25
Mateusz J. comment 12 January 2009

c:\windows\system32\nsn3ED.dll
Scan the file at www.virustotal.com

Paste into Notepad:

File::
c:\windows\pn8.exe
c:\windows\hw5305.exe
c:\windows\wuan364443.exe
c:\windows\gbg033414.exe
c:\windows\feoc827.exe
c:\windows\ykgee3362.exe
c:\windows\system32\cont_adsoftinc-remove.exe
c:\windows\c20232.exe
c:\windows\system32\dkxkolutgsf.exe
c:\windows\vtj708346.exe
c:\windows\o255.exe
c:\windows\gu58826.exe
Folder::
c:\program files\runit

In Notepad, go to the File tab ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture: The removal will begin and a log will be produced, which you post on the forum.
dziew993 (Author) comment 12 January 2009

OK, thanks, and how do I now check whether it worked??
Mateusz J. comment 13 January 2009

Show the resulting log. Did you check that file?