wojtek-pl1 created 25 March 2009 (edited)

Hello. I would ask you to check my logs; I installed a game and want to make sure that no junk got in by any chance.

ComboFix 09-03-23.01 - Windows 2009-03-25 16:28:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.639.389 [GMT 4.5:30]
Uruchomiony z: c:\documents and settings\Windows\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-25 15:59 . 2009-03-25 15:59 <DIR> d-------- c:\windows\Cache
2009-03-25 15:59 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2009-03-25 15:59 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2009-03-25 15:59 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2009-03-24 22:46 . 2009-03-24 22:46 <DIR> d-------- c:\program files\CCleaner
2009-03-11 12:02 . 2004-08-04 04:14 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-06 14:22 . 2009-03-06 14:22 <DIR> d-------- c:\documents and settings\Windows\Dane aplikacji\BitSpirit
2009-03-02 13:37 . 2008-06-20 16:21 361,600 --a------ c:\windows\system32\drivers\tcpip.sys.old
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 11:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 10:18 --------- d-----w c:\program files\Unlocker
2009-03-04 17:06 --------- d-----w c:\documents and settings\Windows\Dane aplikacji\Audacity
2009-02-28 10:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CanonIJPLM
2009-02-18 04:07 --------- d-----w c:\documents and settings\Windows\Dane aplikacji\SiteAdvisor
2009-02-18 04:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\SiteAdvisor
2009-02-18 04:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\McAfee
2009-02-17 07:26 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 07:26 --------- d-----w c:\program files\Java
2009-02-17 04:25 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-17 04:25 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-17 04:25 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-17 04:24 --------- d-----w c:\program files\AVG
2009-02-17 04:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys
2009-02-03 16:40 --------- d-----w c:\documents and settings\Windows\Dane aplikacji\XnView
2009-01-11 19:09 1,599,488 --sh--w c:\documents and settings\Windows\Moje dokumentyCkv0Bp_cfdg.exe
2009-01-11 18:59 1,599,488 --sh--w c:\documents and settings\Windows\Moje dokumentyPco1L9_cfdg.exe
2008-12-13 06:47 835,584 ----a-w c:\documents and settings\Windows\Ygoow.exe
2008-12-13 06:47 188,928 ----a-w c:\documents and settings\Windows\XPTable.dll
2008-12-13 06:47 141,312 ----a-w c:\documents and settings\Windows\YgoowCore.dll
2008-08-31 12:10 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-31 12:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-08-29 20:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008082920080830\index.dat
2008-08-31 12:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008083120080901\index.dat
2008-08-31 12:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2008-06-20 16:21 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 16:29 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 15:14 360960 744e57c99232201ae98c49168b918f48 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 23:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 16:21 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-17 1601304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte GN-WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig61.exe [2009-02-17 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-17 08:55 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-17 11:56 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Windows\\Pulpit\\rocknesx v2.0\\RockNESX.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-17 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-17 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-17 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-17 298264]
S0 rseb;rseb; [x]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm
TCP: {759FDC06-46B0-41C1-9C81-FAF715A62505} = 192.168.1.1,194.204.152.34
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\g0pi725l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://www.googlc.pl/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 16:30:43
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-03-25 16:32:24
ComboFix-quarantined-files.txt 2009-03-25 12:02:21
Przed: 8 809 316 352 bajtów wolnych
Po: 8,798,736,384 bajtów wolnych
129 --- E O F --- 2009-03-21 06:45:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:04, on 2009-03-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig61.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{759FDC06-46B0-41C1-9C81-FAF715A62505}: NameServer = 192.168.1.1,194.204.152.34
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5112 bytes