x-kom hosting

Check the logs

dziew993

This is from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:39, on 2009-01-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adsoftinc - {cc8d453b-939c-8c92-e07e-41c3e6d0bfa6} - C:\WINDOWS\system32\nsn3ED.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Nowy folder (2)\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] E:\NOWYFO~2\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [iPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 7582 bytes

And this is from ComboFix:

ComboFix 09-01-10.03 - OEM 2009-01-11 22:33:54.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.2047.1612 [GMT 1:00]
Uruchomiony z: c:\documents and settings\OEM\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\OEM\Dane aplikacji\EurekaLog
c:\documents and settings\OEM\Menu Start\Programy\Autostart\ppcb_32.lnk
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\ecobar.dll
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\tbhelper.dll
c:\program files\IEToolbar\ECO Bar\uninstall.exe
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\01F1D03F.bin
c:\program files\myglobalsearch\bar\Cache\01F1D2FE.bin
c:\program files\myglobalsearch\bar\Cache\01F1D501.bin
c:\program files\myglobalsearch\bar\Cache\04E88A70
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\p2pmax
c:\program files\p2pmax\p2pmax.exe
c:\program files\p2pmax\p2pmaxu.exe
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\windows\gncyq5.exe
c:\windows\IE4 Error Log.txt
c:\windows\nohh06760.exe
c:\windows\system32\_jekjvmjaxs.dll
c:\windows\system32\jekjvmjaxs.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-11 do 2009-01-11  )))))))))))))))))))))))))))))))
.

2009-01-11 18:51 . 2009-01-11 18:51	<DIR>	d--------	c:\windows\speech
2009-01-11 18:51 . 2009-01-11 18:51	<DIR>	d--------	c:\program files\ivo
2009-01-10 13:08 . 2009-01-10 13:08	<DIR>	d--------	c:\program files\ipla
2009-01-08 22:13 . 2009-01-08 22:13	53	--a------	c:\windows\DelToolbox.bat
2009-01-06 18:38 . 2009-01-06 18:38	680,448	--a------	c:\windows\system32\nsn3ED.dll
2009-01-03 00:17 . 2009-01-10 12:52	<DIR>	d--------	c:\documents and settings\OEM\Dane aplikacji\skypePM
2009-01-03 00:17 . 2009-01-03 00:17	56	--ah-----	c:\windows\system32\ezsidmv.dat
2009-01-03 00:13 . 2009-01-10 13:00	<DIR>	d--------	c:\program files\Skype
2009-01-03 00:13 . 2009-01-10 13:00	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-02 20:26 . 2009-01-02 20:26	<DIR>	d--------	c:\documents and settings\OEM\WapSter
2009-01-01 19:38 . 2009-01-11 18:59	<DIR>	d--------	c:\program files\runit
2009-01-01 19:38 . 2009-01-01 19:38	196,444	--a------	c:\windows\pn8.exe
2009-01-01 19:38 . 2009-01-01 19:38	69,531	--a------	c:\windows\hw5305.exe
2009-01-01 19:38 . 2009-01-01 19:38	16,384	--a------	c:\windows\wuan364443.exe
2009-01-01 19:38 . 2009-01-01 19:38	16,384	--a------	c:\windows\gbg033414.exe
2009-01-01 19:38 . 2009-01-01 19:38	16,384	--a------	c:\windows\feoc827.exe
2009-01-01 19:37 . 2009-01-01 19:38	905,544	--a------	c:\windows\ykgee3362.exe
2009-01-01 19:37 . 2009-01-09 20:22	85,293	--a------	c:\windows\system32\cont_adsoftinc-remove.exe
2009-01-01 19:37 . 2009-01-01 19:37	56,333	--a------	c:\windows\c20232.exe
2009-01-01 19:37 . 2009-01-01 19:37	47,577	--a------	c:\windows\system32\dkxkolutgsf.exe
2009-01-01 19:37 . 2009-01-01 19:37	16,384	--a------	c:\windows\vtj708346.exe
2009-01-01 19:37 . 2009-01-01 19:37	16,384	--a------	c:\windows\o255.exe
2009-01-01 19:37 . 2009-01-01 19:37	16,384	--a------	c:\windows\gu58826.exe
2009-01-01 13:03 . 2009-01-08 22:12	<DIR>	d--------	c:\documents and settings\OEM\Dane aplikacji\Samsung
2008-12-31 19:30 . 2006-05-03 22:53	174,592	--a------	c:\windows\system32\framedyn.dll
2008-12-31 19:30 . 2006-07-24 16:05	5,632	--a------	c:\windows\system32\drivers\StarOpen.sys
2008-12-31 19:28 . 2008-12-31 19:28	<DIR>	d--------	c:\windows\system32\Samsung_USB_Drivers
2008-12-31 19:28 . 2008-12-31 19:28	<DIR>	d--------	c:\program files\Samsung
2008-12-31 19:28 . 2007-05-02 11:11	109,704	--a------	c:\windows\system32\drivers\ss_mdm.sys
2008-12-31 19:28 . 2007-05-02 11:11	83,592	--a------	c:\windows\system32\drivers\ss_bus.sys
2008-12-31 19:28 . 2007-05-02 11:11	15,112	--a------	c:\windows\system32\drivers\ss_mdfl.sys
2008-12-31 19:28 . 2007-05-02 11:11	12,424	--a------	c:\windows\system32\drivers\ss_whnt.sys
2008-12-31 19:28 . 2007-05-02 11:11	12,424	--a------	c:\windows\system32\drivers\ss_wh.sys
2008-12-31 19:28 . 2007-05-02 11:11	12,424	--a------	c:\windows\system32\drivers\ss_cmnt.sys
2008-12-31 19:28 . 2007-05-02 11:11	12,424	--a------	c:\windows\system32\drivers\ss_cm.sys
2008-12-31 19:28 . 2005-08-28 20:51	766	--a------	c:\windows\system32\Uninstall.ico
2008-12-31 19:27 . 2009-01-06 21:47	<DIR>	d--------	c:\program files\Common Files\Adobe
2008-12-26 20:57 . 2008-12-26 20:57	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\1E31C
2008-12-26 20:55 . 2008-12-26 21:06	<DIR>	d--------	c:\program files\BearShare Applications
2008-12-26 20:55 . 2008-09-25 14:20	483,328	--a------	c:\windows\system32\actskn45.ocx
2008-12-23 10:27 . 2006-10-26 19:56	32,592	--a------	c:\windows\system32\msonpmon.dll
2008-12-23 10:26 . 2008-12-23 10:26	<DIR>	d--------	c:\program files\MSBuild
2008-12-23 10:26 . 2008-12-23 10:26	<DIR>	d--------	c:\program files\Microsoft Works
2008-12-23 10:24 . 2008-12-23 10:26	<DIR>	d--------	c:\windows\SHELLNEW
2008-12-23 10:23 . 2008-12-23 10:23	<DIR>	dr-h-----	C:\MSOCache
2008-12-23 10:23 . 2008-12-23 10:27	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-21 12:52 . 2008-12-21 14:32	<DIR>	d--------	c:\program files\AVIConverter
2008-12-19 21:24 . 2009-01-10 13:08	<DIR>	d--------	c:\documents and settings\OEM\Dane aplikacji\ipla
2008-12-19 21:24 . 2008-12-19 21:24	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\ipla
2008-12-19 21:24 . 2008-12-19 21:24	1,060,864	--a------	c:\windows\system32\mfc71.dll
2008-12-12 12:12 . 2008-12-12 12:12	<DIR>	d--------	c:\program files\MSXML 4.0

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 21:29	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-11 17:59	---------	d-----w	c:\program files\PC Tools AntiVirus
2009-01-10 11:52	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-08 20:49	---------	d-----w	c:\documents and settings\OEM\Dane aplikacji\uTorrent
2008-12-29 00:22	---------	d-----w	c:\program files\Java
2008-12-21 15:59	3,350	--sha-w	c:\windows\system32\KGyGaAvL.sys
2008-12-09 18:57	---------	d-----w	c:\program files\NAPI-PROJEKT
2008-12-08 17:22	98,304	----a-w	c:\windows\system32\CmdLineExt.dll
2008-12-07 12:50	---------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Ahead
2008-12-07 12:47	---------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\DivX
2008-12-07 12:42	---------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\PC Tools
2008-12-05 16:15	---------	d-----w	c:\program files\Rockstar Games
2008-12-02 14:38	---------	d-----w	c:\program files\Common Files\InstallShield
2008-12-02 14:38	---------	d-----w	c:\documents and settings\OEM\Dane aplikacji\Corel
2008-12-02 14:38	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\InstallShield
2008-11-22 22:30	---------	d-----w	c:\program files\Electronic Arts
2008-11-22 13:04	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2008-11-22 12:18	---------	d-----w	c:\program files\Alcohol Soft
2008-11-22 12:08	---------	d-----w	c:\program files\D-Tools
2008-11-22 12:04	---------	d-----w	c:\program files\DAEMON Tools Toolbar
2008-11-22 11:58	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2008-11-22 11:58	---------	d-----w	c:\documents and settings\OEM\Dane aplikacji\DAEMON Tools
2008-11-21 19:28	---------	d-----w	c:\documents and settings\OEM\Dane aplikacji\Winamp
2008-11-21 18:16	---------	d-----w	c:\documents and settings\OEM\Dane aplikacji\Ahead
2008-11-21 18:06	---------	d-----w	c:\program files\Common Files\Ahead
2008-11-21 18:06	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-11-21 18:04	---------	d-----w	c:\program files\Nero
2008-11-21 18:04	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-21 13:57	442,368	----a-r	c:\windows\system32\vp6vfw.dll
2008-11-20 15:51	---------	d-----w	c:\program files\Starbreeze Studios
2008-11-19 21:32	---------	d-----w	c:\program files\Windows Media Connect 2
2008-11-15 21:26	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2008-11-15 21:23	---------	d-----w	c:\documents and settings\OEM\Dane aplikacji\Ulead Systems
2008-11-15 21:21	---------	d-----w	c:\program files\Windows Media Components
2008-11-15 21:21	---------	d-----w	c:\program files\Common Files\InterVideo
2008-11-15 17:36	499,712	----a-w	c:\windows\system32\msvcp71.dll
2008-11-15 17:36	---------	d-----w	c:\program files\Real
2008-11-15 17:36	---------	d-----w	c:\program files\Common Files\xing shared
2008-11-15 17:36	---------	d-----w	c:\program files\Common Files\Real
2008-11-11 20:18	3,006	----a-w	c:\windows\system32\ealregsnapshot1.reg
2008-11-10 04:43	410,984	----a-w	c:\windows\system32\deploytk.dll
2008-11-08 20:07	8,218,784	----a-w	C:\Firefox Setup 3.0.3.exe
2008-11-06 20:10	315,392	----a-w	c:\windows\HideWin.exe
2008-10-23 12:42	286,720	----a-w	c:\windows\system32\gdi32.dll
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-16 01:02	668,672	----a-w	c:\windows\system32\wininet.dll
2006-06-23 22:48	32,768	----a-r	c:\windows\inf\UpdateUSB.exe
2009-01-06 17:38	651,776	----a-w	c:\program files\mozilla firefox\components\nsadsoftinc.dll

.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05	398776	--a------	c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc8d453b-939c-8c92-e07e-41c3e6d0bfa6}]
2009-01-06 18:38	680448	--a------	c:\windows\system32\nsn3ED.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"AQQ"="e:\nowyfo~2\WAPSTE~1\AQQ.exe" [2008-12-22 1656832]
"IPLA!"="c:\program files\ipla\ipla.exe" [2008-12-23 2794232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-01-08 1370000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-15 185872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="e:\nowy folder (2)\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\eMule\\eMule.exe"=
"e:\\Nowy folder (2)\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Nowy folder (2)\\WapSter AQQ\\AQQ.exe"=

R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [2003-03-09 102336]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec
*Deregistered* - mchInjDrv

.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{E5C82C2B-84CC-FC31-B200-AF355CB53EC6} - c:\windows\system32\jekjvmjaxs.dll
HKCU-Run-Expressivo - e:\nowy folder (2)\Expressivo Demo\expressivo.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-BearShare - e:\nowy folder (2)\BearShare.exe

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\OEM\Dane aplikacji\Mozilla\Firefox\Profiles\2luatfjc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: e:\nowy folder (2)\Reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 22:35:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(876)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(796)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Czas ukończenia: 2009-01-11 22:35:48
ComboFix-quarantined-files.txt  2009-01-11 21:35:42

Przed: 13 487 874 048 bajtów wolnych
Po: 13,767,053,312 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

263	--- E O F ---	2008-12-19 02:00:25
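The log above is what a helper reads by eye before deciding which entries to send to VirusTotal or list for removal. The script below is an added example, not code from this thread or from Trend Micro: it walks the R0/O2/O3/O4/O17 lines of a HijackThis 2.0.x log and returns the entries that deserve a second look (a BHO or toolbar whose DLL is gone, an add-on DLL sitting straight in system32 instead of under Program Files, Startup-folder shortcuts, a changed start page, static DNS servers). The heuristics and the function names are mine; the sample log is a constructed subset of the one posted above.

```python
import re

# "O2 - BHO: ..." / "R0 - HKCU\..." : section code, then the entry body
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# O2 "BHO: name - {CLSID} - path" and O3 "Toolbar: name - {CLSID} - path"
ADDON_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)
# O4 "Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^Startup: (?P<lnk>.+?) = (?P<path>.+)$")

MS_DEFAULT_PREFIX = "http://go.microsoft.com/fwlink/"   # heuristic: IE's stock pages
SYSTEM32 = "c:\\windows\\system32\\"


def triage_hijackthis(log_text):
    """Return (section, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R0" and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            if not url.startswith(MS_DEFAULT_PREFIX):
                findings.append((sec, "start page not the Microsoft default", url))
        elif sec in ("O2", "O3"):
            a = ADDON_RE.match(body)
            if not a:
                continue
            path = a.group("path")
            if path.endswith("(file missing)"):
                findings.append((sec, "add-on registered but DLL gone", path))
            elif path.lower().startswith(SYSTEM32):
                # legitimate BHOs live under Program Files; a randomly named
                # DLL dropped straight into system32 is the classic adware pattern
                findings.append((sec, "add-on DLL dropped in system32", path))
        elif sec == "O4":
            s = STARTUP_RE.match(body)
            if s:
                findings.append((sec, "Startup-folder shortcut", s.group("path")))
        elif sec == "O17" and "NameServer" in body:
            # static resolvers override DHCP; confirm with the owner
            # (208.67.222.222 / 208.67.220.220 happen to be OpenDNS)
            findings.append((sec, "static DNS servers configured", body.split("=", 1)[1].strip()))
    return findings


# Constructed subset of the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adsoftinc - {cc8d453b-939c-8c92-e07e-41c3e6d0bfa6} - C:\WINDOWS\system32\nsn3ED.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0366A9A9-4EB1-4D9D-8322-792BCE7E5DB0}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for sec, reason, detail in triage_hijackthis(SAMPLE_HJT):
        print(f"{sec:4} {reason:40} {detail}")
```

On the sample this flags the BearShare start page, both MGSBAR.DLL entries, nsn3ED.dll in system32, the two Startup-folder shortcuts and the O17 resolvers, and stays quiet about Java's ssv.dll and the NVIDIA service. A flag is a prompt to check the file (hash it, look it up), not a verdict; the reply below treats nsn3ED.dll exactly that way.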

Mateusz J.
c:\windows\system32\nsn3ED.dll

Scan that file at www.virustotal.com

Paste the following into Notepad:

File::
c:\windows\pn8.exe
c:\windows\hw5305.exe
c:\windows\wuan364443.exe
c:\windows\gbg033414.exe
c:\windows\feoc827.exe
c:\windows\ykgee3362.exe
c:\windows\system32\cont_adsoftinc-remove.exe
c:\windows\c20232.exe
c:\windows\system32\dkxkolutgsf.exe
c:\windows\vtj708346.exe
c:\windows\o255.exe
c:\windows\gu58826.exe

Folder::
c:\program files\runit

In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Drag the CFScript.txt file you just made onto the ComboFix icon, as in the picture:

[image: cfscript10uc2su5.gif]

The removal will start and a log will be produced; post that log on the forum.
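The File:: list in that reply was built by reading the "files created" section of the ComboFix log: a dozen executables dropped into c:\windows and c:\windows\system32 within two minutes of each other on 2009-01-01, plus the c:\program files\runit directory created in the same burst. The script below is an added example, not code from the thread or from ComboFix, that automates that selection and prints it in the File:: / Folder:: form ComboFix reads from CFScript.txt. The burst thresholds (at least 3 files, 2-minute window) and the function names are my assumptions; the sample log is a constructed subset of the one posted above, tab-separated like the original.

```python
import re
from datetime import datetime

# created . modified <TAB> size-or-<DIR> <TAB> attributes <TAB> path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\t"
    r"(?P<size>[\d,]+|<DIR>)\t(?P<attrs>[\w-]+)\t(?P<path>.+)$"
)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")


def parse_created(log_text):
    """Parse 'files created' rows; rows from other ComboFix sections do not match."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        is_dir = m.group("size") == "<DIR>"
        entries.append({
            "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            "is_dir": is_dir,
            "size": None if is_dir else int(m.group("size").replace(",", "")),
            "path": m.group("path").strip(),
        })
    return entries


def is_system_executable(entry):
    """Executable sitting directly in %windir% or system32 (not in drivers\\ etc.)."""
    p = entry["path"].lower()
    if entry["is_dir"] or not p.endswith(EXEC_EXT):
        return False
    return p.rsplit("\\", 1)[0] + "\\" in SYSTEM_DIRS


def find_drop_burst(entries, min_files=3, window_minutes=2):
    """Largest cluster of system executables created within window_minutes of each
    other. A dropper writes its payload set in one go, so a burst of new binaries
    in %windir% is a stronger signal than any single new file."""
    cands = sorted((e for e in entries if is_system_executable(e)), key=lambda e: e["created"])
    best, cur = [], []
    for e in cands:
        if cur and (e["created"] - cur[-1]["created"]).total_seconds() > window_minutes * 60:
            cur = []
        cur.append(e)
        if len(cur) > len(best):
            best = list(cur)
    return best if len(best) >= min_files else []


def burst_folders(entries, burst):
    """Directories created inside the burst's time span (the dropper's install dir)."""
    if not burst:
        return []
    lo, hi = burst[0]["created"], burst[-1]["created"]
    return [e["path"] for e in entries if e["is_dir"] and lo <= e["created"] <= hi]


def build_cfscript(entries):
    """Render the File:: / Folder:: blocks for CFScript.txt."""
    burst = find_drop_burst(entries)
    lines = []
    if burst:
        lines.append("File::")
        lines.extend(e["path"] for e in burst)
    folders = burst_folders(entries, burst)
    if folders:
        lines += ["", "Folder::"] + folders
    return "\n".join(lines) + ("\n" if lines else "")


# Constructed subset of the ComboFix log posted in this thread (tab-separated).
SAMPLE_LOG = "\n".join([
    "2009-01-11 18:51 . 2009-01-11 18:51\t<DIR>\td--------\tc:\\windows\\speech",
    "2009-01-06 18:38 . 2009-01-06 18:38\t680,448\t--a------\tc:\\windows\\system32\\nsn3ED.dll",
    "2009-01-03 00:13 . 2009-01-10 13:00\t<DIR>\td--------\tc:\\program files\\Skype",
    "2009-01-01 19:38 . 2009-01-11 18:59\t<DIR>\td--------\tc:\\program files\\runit",
    "2009-01-01 19:38 . 2009-01-01 19:38\t196,444\t--a------\tc:\\windows\\pn8.exe",
    "2009-01-01 19:38 . 2009-01-01 19:38\t69,531\t--a------\tc:\\windows\\hw5305.exe",
    "2009-01-01 19:38 . 2009-01-01 19:38\t16,384\t--a------\tc:\\windows\\wuan364443.exe",
    "2009-01-01 19:38 . 2009-01-01 19:38\t16,384\t--a------\tc:\\windows\\gbg033414.exe",
    "2009-01-01 19:38 . 2009-01-01 19:38\t16,384\t--a------\tc:\\windows\\feoc827.exe",
    "2009-01-01 19:37 . 2009-01-01 19:38\t905,544\t--a------\tc:\\windows\\ykgee3362.exe",
    "2009-01-01 19:37 . 2009-01-09 20:22\t85,293\t--a------\tc:\\windows\\system32\\cont_adsoftinc-remove.exe",
    "2009-01-01 19:37 . 2009-01-01 19:37\t56,333\t--a------\tc:\\windows\\c20232.exe",
    "2009-01-01 19:37 . 2009-01-01 19:37\t47,577\t--a------\tc:\\windows\\system32\\dkxkolutgsf.exe",
    "2009-01-01 19:37 . 2009-01-01 19:37\t16,384\t--a------\tc:\\windows\\vtj708346.exe",
    "2009-01-01 19:37 . 2009-01-01 19:37\t16,384\t--a------\tc:\\windows\\o255.exe",
    "2009-01-01 19:37 . 2009-01-01 19:37\t16,384\t--a------\tc:\\windows\\gu58826.exe",
    "2008-12-31 19:30 . 2006-05-03 22:53\t174,592\t--a------\tc:\\windows\\system32\\framedyn.dll",
    "2008-12-31 19:28 . 2007-05-02 11:11\t109,704\t--a------\tc:\\windows\\system32\\drivers\\ss_mdm.sys",
])

if __name__ == "__main__":
    print(build_cfscript(parse_created(SAMPLE_LOG)), end="")
```

On the sample this reproduces the reply's list: the twelve binaries from the 19:37 to 19:38 burst and c:\program files\runit, while framedyn.dll (a lone file from the Samsung driver install) and the Samsung .sys files under drivers\ are left alone. Note what it does not catch: nsn3ED.dll was created on its own five days later, so it never clusters; that is why the reply sends it to VirusTotal instead of putting it straight into File::. A File:: entry deletes the file, so always read the generated script before dropping it onto ComboFix.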

dziew993

OK, thanks, and how do I check now whether it worked??

Mateusz J.

Post the resulting log :)

Did you check that file?
