
HijackThis (the numbers at the start are there because I copied it from wklej.org):
1. Logfile of Trend Micro HijackThis v2.0.2
2. Scan saved at 19:44:09, on 2008-06-17
3. Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
4. MSIE: Internet Explorer v7.00 (7.00.6000.16674)
5. Boot mode: Normal
6.
7. Running processes:
8. C:\WINDOWS\System32\smss.exe
9. C:\WINDOWS\system32\winlogon.exe
10. C:\WINDOWS\system32\services.exe
11. C:\WINDOWS\system32\lsass.exe
12. C:\WINDOWS\system32\svchost.exe
13. C:\WINDOWS\System32\svchost.exe
14. C:\WINDOWS\Explorer.EXE
15. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
16. C:\Program Files\Alwil Software\Avast4\ashServ.exe
17. C:\WINDOWS\system32\RUNDLL32.EXE
18. C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
19. C:\WINDOWS\system32\qttask.exe
20. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
21. C:\WINDOWS\system32\ctfmon.exe
22. C:\WINDOWS\system32\spoolsv.exe
23. G:\Gadu-Gadu\gg.exe
24. C:\WINDOWS\system32\nvsvc32.exe
25. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
26. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
27. C:\Program Files\Common Files\Teleca Shared\Generic.exe
28. C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
29. C:\Program Files\Mozilla Firefox\firefox.exe
30. G:\Program Files\Winamp\winamp.exe
31. G:\Program Files\Ares\Ares.exe
32. C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
33.
34. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rookgaard.pl/forum/index.php
35. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
36. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
37. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
38. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
39. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
40. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
41. O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
42. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
43. O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
44. O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
45. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
46. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
47. O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
48. O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
49. O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
50. O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
51. O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
52. O4 - HKCU\..\Run: [Gadu-Gadu] "G:\Gadu-Gadu\gg.exe" /tray
53. O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
54. O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
55. O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
56. O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
57. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
58. O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
59. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
60. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
61. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
62. O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
63. O17 - HKLM\System\CCS\Services\Tcpip\..\{017BB83C-32B5-4038-93B5-CE78EBFA40A8}: NameServer = 217.30.129.149,217.30.137.200
64. O17 - HKLM\System\CS1\Services\Tcpip\..\{017BB83C-32B5-4038-93B5-CE78EBFA40A8}: NameServer = 217.30.129.149,217.30.137.200
65. O17 - HKLM\System\CS2\Services\Tcpip\..\{017BB83C-32B5-4038-93B5-CE78EBFA40A8}: NameServer = 217.30.129.149,217.30.137.200
66. O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - G:\Program Files\Ares\chatServer.exe
67. O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
68. O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
69. O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
70. O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
71. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
72. O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
73.
74. --
75. End of file - 5417 bytes
And ComboFix:
1. ComboFix 08-06-16.5 - Krystian 2008-06-17 19:53:02.1 - NTFSx86
2. Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.217 [GMT 2:00]
3. Running from: C:\Documents and Settings\Krystian\Pulpit\ComboFix.exe
4. * Created a new restore point
5.
6. [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
7. .
8.
9. ((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
10. .
11.
12. 2008-06-17 19:43 . 2008-06-17 19:43<DIR>d--------C:\Program Files\Trend Micro
13. 2008-06-14 12:36 . 2008-04-14 17:53273,024---------C:\WINDOWS\system32\drivers\bthport.sys
14. 2008-06-14 12:36 . 2008-04-14 17:53273,024-----c---C:\WINDOWS\system32\dllcache\bthport.sys
15. 2008-05-26 17:19 . 2008-05-31 19:41<DIR>d--------C:\Documents and Settings\Krystian\Dane aplikacji\Tibia
16. 2008-05-26 17:15 . 2008-05-26 17:17<DIR>d--------C:\Documents and Settings\Krystian\Dane aplikacji\Winamp
17. 2008-05-18 17:07 . 2008-05-18 17:0754,156--ah-----C:\WINDOWS\QTFont.qfn
18. 2008-05-18 17:07 . 2008-05-18 17:071,409--a------C:\WINDOWS\QTFont.for
19. 2008-05-18 15:21 . 2008-05-18 15:21<DIR>d--------C:\Program Files\Recode Media
20. 2008-05-18 15:21 . 2008-05-18 15:22<DIR>d--------C:\Documents and Settings\Krystian\Dane aplikacji\Media Player Classic
21. 2008-05-18 15:15 . 2004-08-04 01:44221,184--a------C:\WINDOWS\system32\wmpns.dll
22.
23. .
24. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
25. .
26. 2008-06-17 17:52---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\SiteAdvisor
27. 2008-06-16 19:03---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\Ahead
28. 2008-06-08 11:35---------d---a-wC:\Documents and Settings\All Users\Dane aplikacji\TEMP
29. 2008-06-06 12:22---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\OpenOffice.org2
30. 2008-06-01 18:58---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\uTorrent
31. 2008-05-26 11:49---------d-----wC:\Documents and Settings\All Users\Dane aplikacji\ESTsoft
32. 2008-05-26 11:47---------d--h--wC:\Program Files\InstallShield Installation Information
33. 2008-05-26 11:47---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\Eltima Software
34. 2008-05-08 17:35---------d-----wC:\Program Files\MSXML 4.0
35. 2008-05-08 12:28202,752----a-wC:\WINDOWS\system32\drivers\rmcast.sys
36. 2008-05-07 18:53---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\Teleca
37. 2008-05-07 18:49---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\Sony Ericsson
38. 2008-05-07 18:47---------d-----wC:\Program Files\Common Files\Teleca Shared
39. 2008-05-07 18:47---------d-----wC:\Program Files\Common Files\Sony Ericsson Shared
40. 2008-05-07 18:47---------d-----wC:\Documents and Settings\All Users\Dane aplikacji\Teleca
41. 2008-05-07 18:47---------d-----wC:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
42. 2008-05-07 18:46---------d-----wC:\Program Files\Sony Ericsson
43. 2008-05-07 18:45---------d-----wC:\Program Files\Common Files\InstallShield
44. 2008-05-07 05:161,291,264----a-wC:\WINDOWS\system32\quartz.dll
45. 2008-05-06 17:19---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\FastStone
46. 2008-05-06 16:02---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\GetRightToGo
47. 2008-05-05 11:55---------d-----wC:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
48. 2008-04-28 13:27---------d-----wC:\Documents and Settings\Krystian\Dane aplikacji\gtk-2.0
49. 2008-04-23 07:20826,368----a-wC:\WINDOWS\system32\wininet.dll
50. 2008-04-22 12:00---------d-----wC:\Program Files\Common Files\Adobe
51. 2008-04-21 15:35---------d-----wC:\Program Files\Java
52. 2008-03-27 15:3198,304----a-wC:\WINDOWS\system32\qttask.exe
53. 2008-03-25 04:52621,344----a-wC:\WINDOWS\system32\mswstr10.dll
54. 2008-03-25 04:52178,976----a-wC:\WINDOWS\system32\msjint40.dll
55. 2008-03-20 08:091,845,504----a-wC:\WINDOWS\system32\win32k.sys
56. .
57.
58. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
59. .
60. .
61. *Note* empty entries & legit default entries are not shown
62. REGEDIT4
63.
64. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
65. "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
66. "Gadu-Gadu"="G:\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
67.
68. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
69. "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 12:57 7110656]
70. "nwiz"="nwiz.exe" [2005-07-08 12:57 1519616 C:\WINDOWS\system32\nwiz.exe]
71. "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-08 12:57 86016]
72. "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
73. "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
74. "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-03-27 17:31 98304]
75. "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
76. "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
77. "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
78.
79. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
80. "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
81.
82. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
83. "msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
84. "msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
85. "vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
86. "vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
87. "vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
88. "vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
89. "vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
90. "vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
91. "msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
92. "msacm.ac3filter"= ac3filter.acm
93.
94. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
95. "AntiVirusDisableNotify"=dword:00000001
96.
97. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
98. "%windir%\\system32\\sessmgr.exe"=
99. "C:\\Program Files\\uTorrent\\uTorrent.exe"=
100. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
101. "G:\\Counter-Strike\\hl.exe"=
102. "G:\\Gadu-Gadu\\gg.exe"=
103. "G:\\Program Files\\Ares\\Ares.exe"=
104. "G:\\Program Files\\Tibia\\Tibia.exe"=
105.
106. R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
107. R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
108.
109. *Newly Created Service* - CATCHME
110. .
111. **************************************************************************
112.
113. catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
114. Rootkit scan 2008-06-17 19:55:23
115. Windows 5.1.2600 Dodatek Service Pack 2 NTFS
116.
117. scanning hidden processes ...
118.
119. scanning hidden autostart entries ...
120.
121. scanning hidden files ...
122.
123. scan completed successfully
124. hidden files: 0
125.
126. **************************************************************************
127. .
128. Completion time: 2008-06-17 19:57:16
129. ComboFix-quarantined-files.txt 2008-06-17 17:56:47
130.
131. Pre-Run: 6,347,821,056 bajtów wolnych
132. Post-Run: 7,746,514,944 bajtów wolnych
133.
134. 112--- E O F ---2008-06-17 11:00:15