
Task Manager screenshot:
http://www.fotosik.pl/pokaz_obrazek/95811d1b0f817df7.html
Hj:
Logfile of HijackThis v1.99.1
Scan saved at 10:16:25, on 2007-11-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Programy\Gadu-Gadu\gg.exe
D:\Programy\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
D:\Zabezpieczenia\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E7A927-DDD4-4904-8C61-7B2D0A7636C2}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Programy\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
Combo:
"user" - 2007-11-09 10:18:03 Dodatek Service Pack 2
ComboFix 07-05.17.6.V - Running from: "D:\Zabezpieczenia\"
((((((((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 ))))))))))))))))))))))))))))))))))
2007-11-07 14:36 318,904 --a------ C:\Program Files\wmpfirefoxplugin.exe
2007-10-16 08:55 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\WinRAR
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-08 22:32:18 -------- d-----w C:\Program Files\eMule
2007-11-08 04:30:17 -------- d-----w C:\DOCUME~1\user\DANEAP~1\LimeWire
2007-11-07 14:19:40 -------- d-----w C:\Program Files\Last.fm
2007-10-28 08:14:25 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-10-28 08:14:25 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-10-18 17:05:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-08 12:13:49 10,515 ----a-w C:\WINDOWS\mozver.dat
2007-09-25 22:39:57 -------- d--h--r C:\DOCUME~1\user\DANEAP~1\SecuROM
2007-09-25 22:33:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-20 16:54:59 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Skype
2007-09-15 17:14:04 1,968 ----a-w C:\WINDOWS\system32\tmp.reg
2007-09-09 22:25:27 -------- d-----w C:\Program Files\Torrent Master
2007-09-09 01:27:46 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-09 00:20:29 -------- d-----w C:\DOCUME~1\user\DANEAP~1\MegauploadToolbar
2007-09-06 10:09:49 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00:07 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-05 22:22:24 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-08-21 06:18:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Programy\BitComet\tools\BitCometBHO.dll [2006-12-27 17:00]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 01:11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-01-24 18:15 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://images.google.pl/images?q=tbn:Y8D3x7cO7QTNDM:http://stronki00.republika.pl/images/drzewo.jpg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"D:\Programy\Power DVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
"C:\Program Files\Odkurzacz\odk_mcd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Programy\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Programy\Power DVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
"RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95b6eaaa-02f2-11dc-be69-001617872415}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20071025-074707-105
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20070915-191250-545
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20070915-175324-148
O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll (file missing)
backup-20070915-175324-940
O21 - SSODL: msmdev - {1AB6BD42-4B1E-4895-A45D-6B68B4A60276} - C:\WINDOWS\msmdev.dll (file missing)
backup-20070915-172304-126
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
backup-20070915-172303-850
O21 - SSODL: msmdev - {E263D4F4-D9E6-4F42-A5F2-4D9E3796DBAF} - C:\WINDOWS\msmdev.dll
backup-20070915-172256-371
O20 - Winlogon Notify: WBSrv - D:\PROGRAMY\WINDOW~1\wbsrv.dll
backup-20070915-172303-605
O21 - SSODL: msmhost - {C29204A8-DF64-4944-AB7D-737A9516116C} - C:\WINDOWS\msmhost.dll
backup-20070915-172256-986
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
backup-20070915-172256-903
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E7A927-DDD4-4904-8C61-7B2D0A7636C2}: NameServer = 217.30.129.149,217.30.137.200
backup-20070909-022236-772
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
backup-20070909-022236-184
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
backup-20070909-022236-135
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20070909-022236-812
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20070709-213506-714
F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe
backup-20070709-174528-976
F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe,
backup-20070518-141958-991
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20070518-141958-792
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070518-141958-525
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
backup-20070518-141958-702
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20070518-141958-888
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
backup-20070518-141958-493
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
backup-20070518-141958-713
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
backup-20070518-141957-404
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 10:20:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-11-09 10:22:08
C:\ComboFix-quarantined-files.txt ... 2007-11-09 10:22
--- E O F ---