

I had problems.. with viruses, of course. Basically, web pages kept opening on their own and the computer was slowing down mercilessly. I read up on logs... on antivirus programs and [most importantly] on ComboFix, and I ran that program [or actually, that marvel

- Code:
ComboFix 09-03-13.02 - Ja 2009-03-14 22:53:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1013.636 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ja\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ja\Dane aplikacji\twain\Twain.exe
c:\documents and settings\Ja\Ustawienia lokalne\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Ja\Ustawienia lokalne\Temporary Internet Files\fbk.sts
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\IEToolbar
c:\program files\IEToolbar\Share Accelerator\basis.xml
c:\program files\IEToolbar\Share Accelerator\icons.bmp
c:\program files\IEToolbar\Share Accelerator\icons.bmp_16.bmp
c:\program files\IEToolbar\Share Accelerator\icons.bmp_24.bmp
c:\program files\IEToolbar\Share Accelerator\info.txt
c:\program files\IEToolbar\Share Accelerator\LOGO.BMP
c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.crc
c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
c:\program files\IEToolbar\Share Accelerator\tbhelper.dll
c:\program files\IEToolbar\Share Accelerator\uninstall.exe
c:\program files\IEToolbar\Share Accelerator\update.exe
c:\program files\IEToolbar\Share Accelerator\version.txt
c:\program files\IEToolbar\Share Accelerator\your_logo.png
c:\program files\VnrPack
c:\program files\VnrPack\trgts.gz
c:\windows\system32\abdMlUtv.ini
c:\windows\system32\abdMlUtv.ini2
c:\windows\system32\acacnskn.ini
c:\windows\system32\asjgdqvo.dll
c:\windows\system32\aunvgk.dll
c:\windows\system32\bcwcba.dll
c:\windows\system32\bocpbyjr.dll
c:\windows\system32\codeblocks.exe
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\ijezwn.dll
c:\windows\system32\mwwmap.dll
c:\windows\system32\mxkjwcds.dll
c:\windows\system32\nksncaca.dll
c:\windows\system32\okefqknc.ini
c:\windows\system32\pmnOhFvV.dll
c:\windows\system32\reader_s.exe
c:\windows\system32\sdcwjkxm.ini
c:\windows\system32\sttnrmwv.dll
c:\windows\system32\trpyhpqf.dll
c:\windows\system32\vifhrxyq.ini
c:\windows\system32\vtUlMdba.dll
[COLOR=RED] . . . jest zainfekowany!![/COLOR]
[COLOR=RED] . . . jest zainfekowany!![/COLOR]
[COLOR=RED] . . . jest zainfekowany!![/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPSECPOOLER
-------\Legacy_PROTECT
-------\Legacy_RESTORE
-------\Service_IPSecPooler
-------\Service_protect
((((((((((((((((((((((((( Pliki utworzone od 2009-02-14 do 2009-03-14 )))))))))))))))))))))))))))))))
.
2009-03-14 23:07 . 2009-03-14 23:07 <DIR> d-------- c:\windows\LastGood
2009-03-14 22:03 . 2009-03-14 22:03 <DIR> d-------- C:\Inetpub
2009-03-14 00:16 . 2009-03-14 00:16 3,462 --a------ c:\windows\system32\spupdsvc.inf
2009-03-14 00:14 . 2009-03-14 00:14 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-14 00:14 . 2009-03-14 00:15 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-13 22:09 . 2009-03-14 23:08 8,611,872 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-13 22:09 . 2009-03-14 23:02 101,036 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-13 20:55 . 2009-03-13 20:55 84 --a------ c:\windows\system32\8.tmp
2009-03-13 20:51 . 2009-03-13 20:52 84 --a------ c:\windows\system32\6.tmp
2009-03-13 20:23 . 2009-03-13 20:23 <DIR> d-------- c:\program files\Alwil Software
2009-03-13 20:23 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-13 19:36 . 2009-03-13 19:48 <DIR> d-------- c:\program files\SkanerOnline
2009-03-13 19:34 . 2009-03-13 19:34 84 --a------ c:\windows\system32\2.tmp
2009-03-13 18:43 . 2009-03-14 22:54 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\Twain
2009-03-13 18:38 . 2009-03-13 18:38 <DIR> d-------- c:\program files\Jcore
2009-03-13 18:38 . 2009-03-13 18:38 501,760 --a------ c:\windows\system32\ipsecpooler.exe
2009-03-13 18:37 . 2009-03-13 18:37 84 --a------ c:\windows\system32\3.tmp
2009-03-13 17:38 . 2009-03-13 17:38 0 --a------ c:\windows\system32\13.tmp
2009-03-13 17:37 . 2009-03-13 17:37 182,912 --a------ c:\windows\system32\ipsecndis.sys
2009-03-13 17:37 . 2009-03-13 17:37 82,432 --a------ c:\windows\WCSMON.EXE
2009-03-13 17:36 . 2009-03-13 17:36 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\nidle
2009-03-13 17:36 . 2009-03-13 17:36 128 --a------ c:\windows\system32\E.tmp
2009-03-13 17:06 . 2009-03-13 17:06 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\DAEMON Tools Pro
2009-03-13 17:06 . 2009-03-13 17:06 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\DAEMON Tools
2009-03-13 17:05 . 2009-03-13 17:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-03-13 17:02 . 2009-03-13 17:02 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\DAEMON Tools Lite
2009-03-12 18:40 . 2009-03-12 18:43 <DIR> d-------- c:\program files\Kutchka
2009-03-12 18:40 . 2009-03-12 18:40 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\Kutchka
2009-03-11 16:26 . 2004-02-17 00:00 434,252 --a------ c:\windows\system32\Msvcrtd.dll
2009-03-11 15:52 . 2009-03-11 16:34 <DIR> d-------- c:\program files\Deluxe Ski Jump 3
2009-03-10 23:15 . 2009-03-13 19:55 <DIR> d-------- c:\program files\ASAP Utilities
2009-03-10 23:12 . 2009-03-10 23:12 <DIR> d---s---- c:\documents and settings\Ja\UserData
2009-03-08 22:08 . 2009-03-13 18:37 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\ipla
2009-03-08 22:08 . 2009-03-08 22:08 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-03-08 22:06 . 2009-03-08 22:06 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-03-08 22:06 . 2009-03-08 22:06 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-03-08 22:06 . 2009-03-08 22:06 348,160 --a------ c:\windows\system32\Msvcr71.dll
2009-03-07 21:20 . 2009-03-07 21:20 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-03-07 21:20 . 2009-03-07 21:22 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\BESTplayer
2009-03-07 16:12 . 2009-03-10 22:49 <DIR> d-------- c:\program files\Mustrum
2009-03-06 23:47 . 2009-03-07 00:04 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\Kadu
2009-03-03 15:07 . 2009-03-03 15:26 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-03 15:05 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\drivers\bthport.sys
2009-03-03 15:05 . 2008-06-14 19:01 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-03 15:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-03 14:58 . 2009-03-11 14:19 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-02 22:04 . 2004-08-04 00:44 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-02 21:53 . 2009-03-11 16:32 <DIR> d-------- c:\program files\Ares
2009-03-02 18:20 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-02 18:10 . 2006-06-03 21:29 48,640 --a------ c:\windows\system32\hpzll4pi.dll
2009-03-02 18:08 . 1998-10-29 16:45 324,608 --a------ c:\windows\IsUninst.exe
2009-03-02 18:08 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-03-02 18:08 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-03-02 18:08 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-03-02 18:08 . 2006-03-03 21:03 90,112 --a------ c:\windows\system32\HPZipm12.exe
2009-03-02 18:08 . 2006-03-03 21:03 86,016 --a------ c:\windows\system32\HPZinw12.exe
2009-03-02 18:08 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-03-02 18:07 . 2009-03-02 18:08 <DIR> d-------- c:\program files\HP
2009-03-02 18:07 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-02 18:07 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-02 18:04 . 2008-08-14 14:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-02 18:04 . 2008-08-14 14:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-02 18:04 . 2008-08-14 14:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-02 18:04 . 2008-08-14 14:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-02 17:04 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-02 17:04 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-02 15:52 . 2009-03-02 15:52 0 --a------ c:\windows\nsreg.dat
2009-03-02 15:10 . 2009-03-02 15:10 <DIR> d-------- c:\windows\Sun
2009-03-02 15:10 . 2009-03-02 15:10 <DIR> d-------- c:\program files\Java
2009-03-02 15:10 . 2009-03-02 15:10 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-02 15:10 . 2009-03-02 15:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-02 15:05 . 2009-03-02 15:05 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-02 15:05 . 2009-03-02 15:05 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-02 15:00 . 2009-03-07 19:50 <DIR> d-------- c:\program files\Google
2009-03-02 14:18 . 2009-03-02 14:22 <DIR> d-------- c:\documents and settings\Ja\Dane aplikacji\Nowe Gadu-Gadu
2009-03-02 14:17 . 2009-03-02 14:17 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 16:38 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-12 17:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 17:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-11 13:18 16,608 ----a-w c:\windows\gdrv.sys
2009-03-01 03:27 --------- d-----w c:\program files\Realtek
2009-03-01 03:27 --------- d-----w c:\documents and settings\Ja\Dane aplikacji\InstallShield
2009-03-01 03:23 --------- d-----w c:\program files\Intel
2009-03-01 03:22 --------- d-----w c:\program files\Browser Configuration Utility
2009-03-01 02:59 --------- d-----w c:\program files\microsoft frontpage
2009-03-01 02:57 --------- d-----w c:\program files\Usługi online
2009-02-09 14:19 1,846,528 ----a-w c:\windows\system32\win32k.sys
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
.
------- Sigcheck -------
2008-04-13 20:20 182656 558635d3af1c7546d26067d5d9b6959e c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ndis.sys
2009-03-13 17:38 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2009-03-13 17:38 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2004-08-04 00:44 1051136 ee53861a5fd70ed4064559004c7f2050 c:\windows\explorer.exe
2004-08-04 00:44 1051648 9ebf9a14277c39fc26d20fc8d1a79785 c:\windows\system32\dllcache\explorer.exe
2008-04-14 18:21 32768 12baf5f183217aa017e7eb64452bc5e4 c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ctfmon.exe
2004-08-04 00:44 32768 31f0446bffadea8fd120c2e4d9e6bd64 c:\windows\system32\ctfmon.exe
2004-08-04 00:44 32768 56ca4e946768d1152ddc9a122abc7742 c:\windows\system32\dllcache\ctfmon.exe
2008-04-14 18:21 75264 b91d927454a1b70ccd91d37ca1869e00 c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\spoolsv.exe
2004-08-04 00:44 75264 40a65d64bbfe99b5ee4c166be364ddc7 c:\windows\system32\spoolsv.exe
2004-08-04 00:44 75264 2963e4324f6687fb7792381db496eeb2 c:\windows\system32\dllcache\spoolsv.exe
2008-04-14 18:21 44032 44963700e5d9fcbb94472021fff6d08f c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\userinit.exe
2004-08-04 00:44 43008 eaf6dd24b0e2421c1d1f379cb10f008e c:\windows\system32\userinit.exe
2004-08-04 00:44 42496 10e2ae81b64b50b0fc92f94aed1db70b c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nidle"="c:\documents and settings\Ja\Dane aplikacji\nidle\nidle.exe" [2009-03-13 77824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 32768]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1026048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bcwcba.dll ijezwn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-03-01 23856]
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;c:\windows\system32\ipsecndis.sys [2009-03-13 182912]
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-13 c:\windows\Tasks\cgtdtkax.job
- c:\windows\system32\wvUlIBRJ.dll []
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{1e639132-d7df-4ff7-94fc-02148c83f810} - c:\windows\system32\ijezwn.dll
BHO-{EA5A9722-11F3-44EC-AEB1-645FFDEA8F8B} - c:\windows\system32\vtUlMdba.dll
Toolbar-{FA34EE7E-55EB-41DB-9718-1AE6EA1CF9A5} - c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
WebBrowser-{FA34EE7E-55EB-41DB-9718-1AE6EA1CF9A5} - c:\program files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
HKCU-Run-reader_s - c:\documents and settings\Ja\reader_s.exe
HKCU-Run-IPLA! - c:\program files\ipla\ipla.exe
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
HKLM-Run-reader_s - c:\windows\System32\reader_s.exe
HKLM-Run-RTHDCPL - RTHDCPL.EXE
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {EB740BC9-D275-4AE5-8154-C540E6187E17} = 194.204.159.1,194.204.152.34
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\4qbg8a9r.default\
FF - prefs.js: browser.startup.homepage - www.wp.pl
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 23:08:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-14 23:10:00 - komputer został uruchomiony ponownie [Ja]
ComboFix-quarantined-files.txt 2009-03-14 22:09:55
Przed: 14 835 695 616 bajtów wolnych
Po: 15,298,146,304 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
264 --- E O F --- 2009-03-12 13:17:09
- Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:36, on 2009-03-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Documents and Settings\Ja\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Ja\Dane aplikacji\nidle\nidle.exe" 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB740BC9-D275-4AE5-8154-C540E6187E17}: NameServer = 194.204.159.1,194.204.152.34
O20 - AppInit_DLLs: bcwcba.dll ijezwn.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4219 bytes
Added today, 23:49:
Oh, one more request: I think I accidentally did something to whatever is responsible for sound xd, it doesn't work for me.. I don't know whether I need to install some drivers or what.... audio files won't open, what should I do about it?