
Saved :: Message
From: kalinka
Sent: Today at 13:35
Subject: This is my log from ComboFix. I'll send the log from Hijack in a moment. I removed the entries you marked;
ComboFix 08-03-10.1 - jacuś 2008-03-12 13:24:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1537 [GMT 1:00]
Running from: H:\Documents and Settings\jacuś\Moje dokumenty\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.
2008-03-12 13:21 . 2008-03-12 13:21 <DIR> d-------- H:\9d9f0b7f28c7d7478257d3875e72
2008-03-11 23:33 . 2004-08-04 13:00 221,184 --a------ H:\WINDOWS\system32\wmpns.dll
2008-03-11 21:51 . 2008-03-11 21:51 <DIR> d-------- H:\Program Files\Trend Micro
2008-03-11 21:16 . 2008-03-11 21:16 5,124 --a------ H:\dnsbak.reg
2008-03-11 21:15 . 2008-03-12 13:04 <DIR> d-------- H:\fixwareout
2008-03-09 09:43 . 2008-03-09 09:43 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\COWON
2008-03-09 09:42 . 2008-03-09 09:46 <DIR> d-------- H:\Program Files\JetAudio
2008-03-09 09:42 . 2008-03-09 09:43 <DIR> d-------- H:\Program Files\Common Files\COWON
2008-03-07 12:18 . 2008-03-09 11:42 <DIR> d-------- H:\Program Files\Incomplete
2008-03-07 12:17 . 2008-03-07 12:17 <DIR> d-------- H:\Documents and Settings\jacuś\Incomplete
2008-03-07 12:17 . 2008-03-07 12:17 <DIR> d-------- H:\Documents and Settings\jacuś\Incomplete
2008-03-07 10:44 . 2008-03-07 10:44 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
2008-03-04 17:35 . 2008-03-04 17:35 <DIR> d-------- H:\Documents and Settings\LocalService\Dane aplikacji\CyberLink
2008-03-04 14:33 . 2008-03-04 14:33 <DIR> d-------- H:\Documents and Settings\JACU~2\Dane aplikacj
2008-03-04 14:32 . 2008-03-04 14:32 <DIR> d-------- H:\Program Files\Java
2008-03-04 14:32 . 2008-03-04 14:32 <DIR> d-------- H:\Program Files\Common Files\Java
2008-03-04 14:32 . 2007-09-24 23:31 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl
2008-03-04 14:21 . 2008-03-09 18:34 <DIR> d-------- H:\Program Files\FrostWire
2008-03-04 14:21 . 2008-03-04 14:21 <DIR> d-------- H:\Program Files\AskSBar
2008-03-04 10:44 . 2008-03-04 13:59 <DIR> d-------- H:\Program Files\Dziobas Rar Player
2008-03-04 10:23 . 2008-03-04 10:23 <DIR> d-------- H:\WINDOWS\Google Toolbar
2008-03-04 10:23 . 2008-03-04 10:25 <DIR> d-------- H:\WINDOWS\__SkypeIEToolbar_Cache
2008-03-02 13:19 . 2008-03-02 13:19 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\MfcEmbed
2008-03-02 12:40 . 2008-03-12 13:23 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\OpenOfficeT72
2008-03-02 12:34 . 2008-03-02 12:34 <DIR> d-------- H:\Program Files\OpenOfficeT7 2.3.1
2008-02-28 23:06 . 2008-02-28 23:06 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-02-26 20:43 . 2008-02-26 20:46 <DIR> d-------- H:\Program Files\Super Internet TV
2008-02-21 12:34 . 2008-02-21 12:39 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\.ABC
2008-02-21 10:51 . 2008-03-04 11:34 <DIR> d-------- H:\Program Files\Shareaza
2008-02-21 10:51 . 2008-02-21 10:51 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\Shareaza
2008-02-21 09:51 . 2008-02-21 09:51 1,167 --a------ H:\WINDOWS\mozver.dat
2008-02-21 09:36 . 2008-02-21 09:36 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\Talkback
2008-02-21 09:36 . 2008-02-21 09:36 0 --a------ H:\WINDOWS\nsreg.dat
2008-02-21 09:32 . 2008-03-04 09:56 <DIR> d-a------ H:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-21 09:26 . 2008-03-11 17:54 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2008-02-20 23:34 . 2008-03-12 12:51 <DIR> d-------- H:\Program Files\DNA
2008-02-20 23:34 . 2008-03-12 13:17 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\DNA
2008-02-20 23:34 . 2008-02-20 23:54 <DIR> d-------- H:\Documents and Settings\jacuś\Dane aplikacji\BitTorrent
2008-02-19 18:08 . 2008-02-19 18:08 <DIR> d-------- H:\Program Files\Common Files\NSV
2008-02-17 22:16 . 2008-03-09 11:40 <DIR> d-------- H:\Program Files\Winamp
2008-02-17 10:37 . 2008-02-17 10:37 <DIR> d-------- H:\Program Files\Windows Media Connect 2
2008-02-17 10:36 . 2008-02-17 10:36 <DIR> d-------- H:\WINDOWS\system32\LogFiles
2008-02-17 10:36 . 2008-02-17 10:37 <DIR> d-------- H:\WINDOWS\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 12:19 --------- d-----w H:\Documents and Settings\jacuś\Dane aplikacji\Skype
2008-03-12 11:52 --------- d-----w H:\Program Files\Multimedia Card Reader
2008-03-12 11:52 --------- d-----w H:\Program Files\Gadu-Gadu
2008-03-11 20:18 --------- d-----w H:\Documents and Settings\jacuś\Dane aplikacji\skypePM
2008-03-09 08:42 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-03-08 15:24 --------- d-----w H:\Program Files\Google
2008-02-27 08:21 --------- d-----w H:\Documents and Settings\jacuś\Dane aplikacji\CyberLink
2008-02-27 08:20 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-02-21 11:39 --------- d-----w H:\Documents and Settings\jacuś\Dane aplikacji\.ABC
2008-01-16 10:17 --------- d-----w H:\Program Files\Realtek
2008-01-12 12:59 315,392 ----a-w H:\WINDOWS\HideWin.exe
2008-01-10 18:25 32 ----a-w H:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-03-12_12.04.27,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-09-25 16:58:48 14,640 ------w H:\WINDOWS\system32\spmsg.dll
+ 2006-09-16 00:05:22 14,640 ------w H:\WINDOWS\system32\spmsg.dll
- 2006-09-25 16:58:48 23,856 ----a-w H:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-16 00:05:22 23,856 ----a-w H:\WINDOWS\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-04 14:21 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:11 21803304]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-20 21:02 68856]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"BitComet"="H:\Program Files\BitComet\BitComet.exe" [ ]
"BitTorrent DNA"="H:\Program Files\DNA\btdna.exe" [2008-02-20 23:34 287040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2007-05-10 23:03 8429568]
"nwiz"="nwiz.exe" [2007-05-10 23:03 1626112 H:\WINDOWS\system32\nwiz.exe]
"APVXDWIN"="H:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 08:59 311296]
"Sunkist2k"="H:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 11:49 139264]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="H:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 23:03 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 11:54 16116224 H:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 H:\WINDOWS\SkyTel.exe]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
H:\Documents and Settings\jacu\Menu Start\Programy\Autostart\
OpenOfficeT7 2.3.1.lnk - H:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe [2007-12-08 01:06:24 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 H:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Messenger\\msmsgs.exe"=
"H:\\Program Files\\Gadu-Gadu\\gg.exe"=
"H:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\WINDOWS\\system32\\mmc.exe"=
"H:\\WINDOWS\\system32\\dpvsetup.exe"=
"H:\\WINDOWS\\system32\\rundll32.exe"=
"H:\\Program Files\\Shareaza\\Shareaza.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=
"H:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8651:TCP"= 8651:TCP:*:Disabled:BitComet 8651 TCP
"8651:UDP"= 8651:UDP:*:Disabled:BitComet 8651 UDP
R3 usbstor;Sterownik magazynu masowego USB;H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 13:00]
S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);H:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;I:\romo\EVEREST Ultimate Edition\kerneld.wnt []
S3 RTL8169;Realtek 8169 NT Driver;H:\WINDOWS\system32\DRIVERS\Rtlh86.sys [2007-04-30 06:42]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 13:25:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\I:\romo\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-03-12 13:26:13
ComboFix-quarantined-files.txt 2008-03-12 12:26:11
ComboFix2.txt 2008-03-12 12:04:21
ComboFix3.txt 2008-03-12 11:04:37
.
2008-03-11 22:35:20 --- E O F ---
Thank you for helping me. This is my log from ComboFix.
All times are in the CET (Europe) time zone