

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:41, on 2008-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AE21EDA-0A0A-494A-B566-72FDA2FE96CD}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{6AE21EDA-0A0A-494A-B566-72FDA2FE96CD}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: eftcqstx - C:\WINDOWS\SYSTEM32\eftcqstx.dll
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - d:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
--
End of file - 5391 bytes
ComboFix:
ComboFix 08-11-12.01 - Norbert 2008-11-13 17:40:04.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1581 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Konrad\Dane aplikacji\Facegame
c:\documents and settings\Konrad\Dane aplikacji\Facegame\Facegame.exe
c:\documents and settings\Konrad\Ustawienia lokalne\Temporary Internet Files\fbk.sts
c:\windows\system32\adoihmwt.ini
c:\windows\system32\adrfzi.dll
c:\windows\system32\asfpeifp.ini
c:\windows\system32\awtttqNg.dll
c:\windows\system32\biwyfayq.dll
c:\windows\system32\buffkw.dll
c:\windows\system32\cflameib.dll
c:\windows\system32\cvwmgjod.dll
c:\windows\system32\dbpdiljs.ini
c:\windows\system32\dgmuxiru.ini
c:\windows\system32\dnizmw.dll
c:\windows\system32\dpznxy.dll
c:\windows\system32\drtrabsv.dll
c:\windows\system32\dyieqk.dll
c:\windows\system32\euphsi.dll
c:\windows\system32\fqvsgo.dll
c:\windows\system32\gNqtttwa.ini
c:\windows\system32\gNqtttwa.ini2
c:\windows\system32\gtdwvvgs.dll
c:\windows\system32\hxntutmj.ini
c:\windows\system32\idvjsrdh.dll
c:\windows\system32\idyijkpw.ini
c:\windows\system32\iehxtxxq.ini
c:\windows\system32\imitwbou.dll
c:\windows\system32\jcbuqy.dll
c:\windows\system32\jmtutnxh.dll
c:\windows\system32\jpymumnk.dll
c:\windows\system32\jyixmbmy.dll
c:\windows\system32\lhclrubi.dll
c:\windows\system32\nhdlrnce.ini
c:\windows\system32\nowehifg.ini
c:\windows\system32\oiefgutn.ini
c:\windows\system32\osgwwu.dll
c:\windows\system32\phivikot.ini
c:\windows\system32\phjognig.dll
c:\windows\system32\poidgb.dll
c:\windows\system32\ptbagwaa.dll
c:\windows\system32\qdwiqrcl.dll
c:\windows\system32\qnhctk.dll
c:\windows\system32\rduigprv.ini
c:\windows\system32\sscqjnhj.dll
c:\windows\system32\tebctj.dll
c:\windows\system32\tkhcxteq.dll
c:\windows\system32\tuvwTmNF.dll
c:\windows\system32\uqlcmsmq.dll
c:\windows\system32\urixumgd.dll
c:\windows\system32\vbtaljxw.ini
c:\windows\system32\vehsykaa.dll
c:\windows\system32\wcgnhe.dll
c:\windows\system32\wgchjrrh.ini
c:\windows\system32\wnukxwpo.dll
c:\windows\system32\wzokcj.dll
c:\windows\system32\xcmqkpxd.dll
c:\windows\system32\xputosyn.ini
c:\windows\system32\xvwgyifw.dll
c:\windows\system32\xznygt.dll
c:\windows\system32\yahkulsm.dll
c:\windows\system32\ywxgtrsy.ini
c:\windows\system32\drivers\str.sys . . . . nie udało się usunąć
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Legacy_SYNSEND
-------\Legacy_TCPSR
-------\Service_ISODrive
-------\Service_synsend
((((((((((((((((((((((((( Pliki utworzone od 2008-10-13 do 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-12 11:50 . 2008-11-12 11:50 <DIR> d-------- c:\documents and settings\Norbert\Dane aplikacji\Media Player Classic
2008-11-12 11:49 . 2008-11-12 11:49 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-12 11:49 . 2007-11-29 23:30 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-12 11:49 . 2007-07-25 14:24 1,559,040 --a------ c:\windows\system32\xvidcore.dll
2008-11-12 11:49 . 2006-09-24 16:11 389,120 --a------ c:\windows\system32\lameACM.acm
2008-11-12 11:49 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-12 11:49 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-12 11:49 . 2007-12-24 13:49 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-12 11:49 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-12 11:49 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-12 11:41 . 2008-11-12 13:15 75 --a------ c:\windows\VplayerINI.vpl
2008-11-12 11:40 . 2008-11-12 13:15 957 --a------ c:\windows\VPlayer.INI
2008-11-12 11:39 . 2008-11-12 11:39 <DIR> d-------- c:\program files\Vplayer
2008-11-12 11:34 . 2008-11-12 11:34 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\GRETECH
2008-11-12 11:33 . 2008-11-12 11:33 <DIR> d-------- c:\program files\GRETECH
2008-11-12 11:33 . 2008-11-12 11:33 <DIR> d-------- c:\documents and settings\Norbert\Dane aplikacji\GRETECH
2008-11-04 16:20 . 2008-11-12 11:55 69 --a------ c:\windows\NeroDigital.ini
2008-11-04 08:59 . 2008-11-04 08:59 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-01 19:48 . 1998-04-24 00:00 368,912 --a------ c:\windows\system32\vbar332.dll
2008-11-01 19:48 . 2004-07-14 17:26 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2008-11-01 16:36 . 2008-11-01 16:36 112,016 --a------ c:\windows\system32\wvUlmnKE.dll
2008-11-01 15:36 . 2008-11-01 15:36 <DIR> d-------- c:\windows\system32\{app}
2008-11-01 00:00 . 2008-11-01 00:00 <DIR> d-------- c:\program files\MSXML 6.0
2008-10-31 21:07 . 2008-10-31 21:08 1,081,616 --------- c:\windows\system32\MSCOMCTL.OCX
2008-10-31 20:29 . 2008-10-31 20:38 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-10-31 20:08 . 2008-10-31 20:38 <DIR> d-------- c:\program files\UltraISO
2008-10-31 20:01 . 2008-10-31 20:01 <DIR> d-------- c:\program files\Circle
2008-10-31 20:01 . 2003-07-14 10:46 13,184 --a------ c:\windows\system32\drivers\hvcd.sys
2008-10-31 18:45 . 2008-10-31 18:45 <DIR> d-------- c:\documents and settings\Konrad\Dane aplikacji\InstallShield
2008-10-31 18:39 . 2008-10-31 18:39 <DIR> d-------- c:\program files\DAEMON Tools
2008-10-31 09:37 . 2005-09-01 12:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2008-10-31 09:37 . 2005-09-01 12:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2008-10-31 09:36 . 2008-10-31 09:36 <DIR> d-------- c:\program files\Common Files\Ahead
2008-10-31 09:36 . 2008-10-31 09:36 <DIR> d-------- c:\program files\Ahead
2008-10-31 09:36 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-10-31 09:36 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-10-31 09:36 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-10-31 09:36 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-10-31 09:36 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-10-31 09:36 . 2006-01-12 16:40 200,704 --a------ c:\windows\system32\NeroCheck.exe
2008-10-31 09:36 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-10-30 23:19 . 2008-11-04 05:21 <DIR> d-------- C:\Downloads
2008-10-30 23:18 . 2008-10-30 23:24 <DIR> d-------- c:\program files\BitComet
2008-10-30 21:33 . 2008-10-31 18:38 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-10-30 21:31 . 2008-10-30 21:31 <DIR> d-------- c:\documents and settings\Konrad\Dane aplikacji\DAEMON Tools
2008-10-30 12:25 . 2008-10-30 12:25 <DIR> d-------- c:\windows\system32\pl-PL
2008-10-30 12:25 . 2008-10-30 12:25 <DIR> d-------- c:\program files\MSBuild
2008-10-30 12:23 . 2008-10-30 12:23 <DIR> d-------- c:\windows\system32\XPSViewer
2008-10-30 12:23 . 2008-10-30 12:23 <DIR> d-------- c:\program files\Reference Assemblies
2008-10-30 12:22 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-29 21:04 . 2008-10-29 21:04 <DIR> d-------- C:\perl
2008-10-29 21:04 . 2003-03-15 23:15 167,936 --a------ c:\windows\unvise32.exe
2008-10-29 21:01 . 2008-10-29 21:01 <DIR> d-------- c:\program files\PremiumSoft
2008-10-29 18:39 . 2008-10-29 19:00 37,375,715 --a------ C:\xampp-win32-1.6.7-installer.exe
2008-10-28 11:37 . 2008-10-28 11:37 <DIR> d-------- c:\program files\Real
2008-10-28 11:37 . 2008-11-04 08:59 <DIR> d-------- c:\program files\Common Files\Real
2008-10-28 11:37 . 2008-11-04 08:58 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-10-21 18:36 . 2008-10-21 18:37 110 --a------ c:\windows\system32\cas.bat
2008-10-21 18:35 . 2008-08-13 19:03 264,192 --a------ c:\windows\system32\WoWEmuHacker5.exe
2008-10-21 18:35 . 2008-10-16 21:42 18,716 --ah----- c:\windows\system32\config.exe
2008-10-20 07:45 . 2008-10-20 13:24 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-18 13:17 . 2008-10-18 13:21 <DIR> d-------- c:\program files\DAP
2008-10-18 13:17 . 2008-11-13 17:49 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-10-18 13:17 . 2008-10-18 13:17 479,298 --a------ c:\windows\system32\wbocx.ocx
2008-10-18 13:17 . 2008-10-18 13:17 172,032 --a------ c:\windows\system32\AniGIF.ocx
2008-10-18 13:17 . 2008-10-18 13:17 50,688 --a------ c:\windows\system32\wbhelp2.dll
2008-10-16 13:27 . 2008-10-16 13:27 <DIR> d-------- c:\program files\Sports Interactive
2008-10-16 13:26 . 2008-11-04 08:58 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-16 13:22 . 2008-10-16 13:22 <DIR> d-------- c:\program files\FM Modifier 2.2
2008-10-16 12:43 . 2008-10-16 12:43 <DIR> d-------- c:\documents and settings\Norbert\Dane aplikacji\Sports Interactive
2008-10-16 07:02 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\drivers\bthport.sys
2008-10-16 07:02 . 2008-06-14 19:01 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-16 06:58 . 2008-08-14 14:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 06:58 . 2008-08-14 14:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 06:58 . 2008-08-14 14:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 06:58 . 2008-08-14 14:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 20:45 . 2008-10-15 20:45 552 --a------ c:\windows\system32\d3d8caps.dat
2008-10-15 14:51 . 2008-10-15 14:51 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-15 14:50 . 2008-10-15 14:50 <DIR> d-------- c:\windows\Cache
2008-10-14 22:03 . 2008-11-01 08:23 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-14 14:58 . 2008-07-16 08:57 269,736 -ra------ c:\windows\system32\drivers\SbFw.sys
2008-10-14 14:57 . 2008-06-21 03:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2008-10-14 13:51 . 2008-10-14 13:51 <DIR> d-------- c:\program files\RegCleaner
2008-10-14 13:49 . 2008-10-14 13:49 <DIR> d-------- c:\program files\Trend Micro
2008-10-14 13:37 . 2008-10-14 13:37 <DIR> d-------- c:\windows\ERUNT
2008-10-14 13:35 . 2008-11-13 16:42 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2008-10-14 13:35 . 2008-10-11 11:39 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2008-10-14 13:35 . 2008-10-11 09:43 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2008-10-14 13:35 . 2008-10-11 11:39 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2008-10-14 13:35 . 2008-10-11 11:39 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2008-10-14 13:35 . 2008-10-11 11:39 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2008-10-14 13:35 . 2008-10-11 11:39 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2008-10-14 13:35 . 2008-07-16 19:59 <DIR> d-------- c:\documents and settings\Administrator
2008-10-14 07:45 . 2008-11-13 17:50 32,512 --a------ c:\windows\system32\drivers\ati3poxx.sys
2008-10-14 07:45 . 2008-10-14 13:17 100 --a------ c:\windows\adobe.bat
2008-10-13 21:09 . 2008-10-13 21:09 <DIR> d-------- c:\program files\OINAnalytics
2008-10-13 18:13 . 2008-07-16 20:02 <DIR> d-------- c:\documents and settings\Konrad\Dane aplikacji\Hamachi
2008-10-13 18:12 . 2008-10-13 18:13 <DIR> d-------- c:\program files\Hamachi
2008-10-13 18:12 . 2008-10-13 18:12 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-10-13 17:48 . 2008-10-13 19:37 <DIR> d-------- c:\documents and settings\Konrad\Dane aplikacji\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 16:49 --------- d-----w c:\program files\AutoConnect
2008-10-31 19:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 18:25 15,600 ----a-w c:\windows\gdrv.sys
2008-10-31 17:45 360,448 ----a-w c:\windows\HideWin.exe
2008-10-31 17:45 --------- d-----w c:\program files\Realtek
2008-10-30 20:31 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-14 14:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2008-10-12 19:57 --------- d-----w c:\program files\Ray Adams
2008-10-12 19:57 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\atitray
2008-10-12 19:56 --------- d-----w c:\program files\Common Files\DirectX
2008-10-12 12:31 --------- d-----w c:\program files\Alcohol Soft
2008-10-12 10:04 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\Winamp
2008-10-12 10:02 --------- d-----w c:\program files\Winamp
2008-10-12 09:53 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\DivX
2008-10-12 09:21 --------- d-----w c:\documents and settings\Konrad\Dane aplikacji\DivX
2008-10-11 18:25 --------- d-----w c:\documents and settings\Konrad\Dane aplikacji\Gadu-Gadu
2008-10-11 18:01 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-11 18:01 --------- d-----w c:\program files\AVS4YOU
2008-10-11 18:01 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\AVS4YOU
2008-10-11 14:04 749,568 ----a-w c:\windows\iun6002.exe
2008-10-11 13:54 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\Gadu-Gadu
2008-10-11 10:26 --------- d-----w c:\program files\Gadu-Gadu
2008-10-11 09:11 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\ESET
2008-10-11 09:07 --------- d-----w c:\program files\Lavasoft
2008-10-11 09:01 23 ----a-w c:\windows\system32\drivers\adidsl.cfg
2008-10-11 09:01 --------- d-----w c:\program files\SAGEM
2008-10-11 09:01 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-11 08:54 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\InstallShield
2008-10-11 08:51 --------- d-----w c:\program files\Yahoo!
2008-10-11 08:51 --------- d-----w c:\program files\Intel
2008-10-11 08:47 --------- d-----w c:\program files\microsoft frontpage
2008-10-11 08:46 --------- d-----w c:\program files\Usługi online
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:38 662,016 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:46 2,137,600 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 322560]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"ares"="d:\program files\Ares\Ares.exe" [2007-05-04 976384]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-18 4568576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 200704]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 26624]
c:\documents and settings\Konrad\Menu Start\Programy\Autostart\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-10-13 624416]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-11 974949]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3poxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"f:\\F1 Challenge 2008\\F1 2008\\PDK 2008\\PDK 08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18140:TCP"= 18140:TCP:BitComet 18140 TCP
"18140:UDP"= 18140:UDP:BitComet 18140 UDP
R0 ati3poxx;ati3poxx;c:\windows\system32\Drivers\ati3poxx.sys [2008-11-13 32512]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\windows\system32\Drivers\hvcd.sys [2003-07-14 13184]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 synsend;synsend;c:\windows\system32\drivers\synsenddrv.sys [ ]
R2 SbPF.Launcher;SbPF.Launcher;d:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4;d:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
*Newly Created Service* - SYNSEND
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{EFB983B5-FF7E-4153-AE9D-EBE8AF7DA06D} - c:\windows\system32\awtttqNg.dll
HKU-Default-Run-Facegame - c:\documents and settings\Konrad\Dane aplikacji\Facegame\Facegame.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Norbert\Dane aplikacji\Mozilla\Firefox\Profiles\xjvgxqrw.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF -: plugin - c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 17:49:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
c:\windows\system32\drivers\fvnpuedbhizu.sys 30976 bytes executable
c:\windows\system32\drivers\str.sys 33351 bytes
skanowanie pomyślnie ukończone
ukryte pliki: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pjkxzjtsbmyeun]
"ImagePath"="\??\c:\windows\system32\drivers\fvnpuedbhizu.sys"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: c:\windows\explorer.exe
-> c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
d:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-13 17:52:10 - komputer został uruchomiony ponownie [Norbert]
ComboFix-quarantined-files.txt 2008-11-13 16:52:04
ComboFix2.txt 2008-11-13 15:42:23
Przed: 40 652 582 912 bajtów wolnych
Po: 40,551,780,352 bajtów wolnych
312 --- E O F --- 2008-11-01 07:24:17
SDFix:
[b]SDFix: Version 1.206 [/b]
Run by Norbert on 2008-11-13 at 18:04
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 18:08:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pjkxzjtsbmyeun]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\fvnpuedbhizu.sys"
"DisplayName"="pjkxzjtsbmyeun"
"RulesData"=hex:03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pjkxzjtsbmyeun\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:38,d0,07,ab,d6,44,57,43,81,b4,47,49,7b,fa,1e,35,d5,27,cc,a9,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:38,d0,07,ab,d6,44,57,43,81,b4,47,49,7b,fa,1e,35,d5,27,cc,a9,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"p0"="C:\Program Files\DAEMON Tools\"
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\fvnpuedbhizu.sys 30976 bytes executable
C:\WINDOWS\system32\drivers\str.sys 33351 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 2
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"F:\\F1 Challenge 2008\\F1 2008\\PDK 2008\\PDK 08.exe"="F:\\F1 Challenge 2008\\F1 2008\\PDK 2008\\PDK 08.exe:*:Enabled:F1 Challenge 99-02"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 16 Oct 2008 18,716 A..H. --- "C:\WINDOWS\system32\config.exe"
Fri 31 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33e975277dcedf8eeac614aa9eebe054\BITD.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66bbe901ee61b85acb3f51f475c66bc4\BITD.tmp"
Wed 15 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b79ee39c52e6f483392b649e7069792\BITE.tmp"
Fri 31 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5bdfdcdce5622175d5398bf36b7cfcc\BITE.tmp"
Thu 13 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f2eef0e0d3751bdf787b52b9f6c9fa43\BITD.tmp"
[b]Finished![/b]
FixIEDef:
********************************************************************************
* *
* FixIEDef Log *
* Version 1.6.10.6194 *
* *
********************************************************************************
Created at 17:58:20 on Thursday, November 13, 2008
Time Zone :
Logged On User : Norbert
Operating System : Microsoft Windows XP Professional Dodatek Service Pack 2
OS Version : 5.1.2600
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 50 GB
System Drive Free : 38.66 GB
Total Physical Memory: 2046 MB
Free Physical Memory : 1626 MB
Total Page File : 2046 MB
Free Page File : 3652 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1978 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!
Please help.