flisek94 wrote: Where can I find this log?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13, on 2008-07-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_MAV.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\irPC\irPC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_Menu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [lphcngaj0egac] C:\WINDOWS\system32\lphcngaj0egac.exe
O4 - HKLM\..\Run: [SMrhcjgaj0egac] C:\Program Files\rhcjgaj0egac\rhcjgaj0egac.exe
O4 - HKLM\..\Run: [HakerzyNET MAV] C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_MAV.exe
O4 - HKLM\..\Run: [58a815a5] rundll32.exe "C:\WINDOWS\system32\ketseone.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: irPC.lnk = C:\Program Files\irPC\irPC.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: irPC.lnk = C:\Program Files\irPC\irPC.exe (User 'Default user')
O4 - Startup: irPC.lnk = C:\Program Files\irPC\irPC.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: eqvwamkl - {B04E4AF3-3AEB-4842-8868-B1B11CBC7D8A} - C:\WINDOWS\eqvwamkl.dll (file missing)
O21 - SSODL: wnslvxtf - {DC712639-5EA9-4156-971B-1B529CA0B7B5} - C:\WINDOWS\wnslvxtf.dll (file missing)
O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8755 bytes
ComboFix 08-07-24.6 - Przemek 2008-07-25 22:42:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1178 [GMT 4.5:30]
Running from: F:\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Przemek\Dane aplikacji\rhcjgaj0egac
C:\Documents and Settings\Przemek\Pulpit\Error Cleaner.url
C:\Documents and Settings\Przemek\Pulpit\Privacy Protector.url
C:\Documents and Settings\Przemek\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\Przemek\Ulubione\Error Cleaner.url
C:\Documents and Settings\Przemek\Ulubione\Privacy Protector.url
C:\Documents and Settings\Przemek\Ulubione\Spyware&Malware Protection.url
C:\Program Files\rhcjgaj0egac
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\erfn.exe
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\nfavxwdbmfe.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\avi.dll
C:\WINDOWS\system32\byhtdyvi.ini
C:\WINDOWS\system32\cpuinf32.dll
C:\WINDOWS\system32\DivXsm.exe
C:\WINDOWS\system32\ff_liba52.dll
C:\WINDOWS\system32\ff_libdts.dll
C:\WINDOWS\system32\ff_libfaad2.dll
C:\WINDOWS\system32\ff_libmad.dll
C:\WINDOWS\system32\ff_realaac.dll
C:\WINDOWS\system32\ff_samplerate.dll
C:\WINDOWS\system32\ff_tremor.dll
C:\WINDOWS\system32\ff_unrar.dll
C:\WINDOWS\system32\ff_wmv9.dll
C:\WINDOWS\system32\iconv.dll
C:\WINDOWS\system32\iifgGYQG.dll
C:\WINDOWS\system32\libavcodec.dll
C:\WINDOWS\system32\libmpeg2_ff.dll
C:\WINDOWS\system32\libmplayer.dll
C:\WINDOWS\system32\lphcngaj0egac.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkunicode.dll
C:\WINDOWS\system32\mkx.dll
C:\WINDOWS\system32\mkzlib.dll
C:\WINDOWS\system32\mmfinfo.dll
C:\WINDOWS\system32\mp4.dll
C:\WINDOWS\system32\mplvpx.dll
C:\WINDOWS\system32\ogg.dll
C:\WINDOWS\system32\OggDS.dll
C:\WINDOWS\system32\ogm.dll
C:\WINDOWS\system32\TCJjlRqr.ini
C:\WINDOWS\system32\TCJjlRqr.ini2
C:\WINDOWS\system32\ts.dll
C:\WINDOWS\system32\vorbis.dll
C:\WINDOWS\system32\vorbisenc.dll
C:\WINDOWS\system32\WMV9VCM.dll
C:\WINDOWS\system32\xvidcore.dll
C:\WINDOWS\system32\xxyxWQGw.dll
C:\WINDOWS\wnslvxtf.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-25 22:47 . 2008-07-25 22:47 294 ---hs---- C:\WINDOWS\system32\byhtdyvi.ini
2008-07-25 22:42 . 2008-07-25 22:42 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-07-25 22:32 . 2008-07-25 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-25 22:32 . 2008-07-25 22:32 <DIR> d-------- C:\Documents and Settings\Przemek\Dane aplikacji\Lavasoft
2008-07-25 21:57 . 2008-07-25 22:24 <DIR> d-------- C:\Program Files\HakerzyNET AntiVirus
2008-07-25 21:45 . 2008-07-25 21:45 94,848 --a------ C:\WINDOWS\system32\ivydthyb.dll
2008-07-25 21:44 . 2008-07-25 21:44 323,584 --a------ C:\WINDOWS\system32\rqRljJCT.dll
2008-07-25 21:38 . 2008-07-25 13:41 86,016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-25 21:36 . 2008-07-25 21:36 <DIR> d-------- C:\Program Files\RM Converter
2008-07-25 19:12 . 2008-07-25 19:13 <DIR> d-------- C:\Program Files\Any Video Converter
2008-07-25 19:12 . 2008-07-25 21:16 <DIR> d-------- C:\Documents and Settings\Przemek\Dane aplikacji\Any Video Converter
2008-07-24 15:40 . 2008-07-24 15:40 <DIR> d-------- C:\Downloads
2008-07-20 16:48 . 2008-07-20 16:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-18 22:45 . 2008-07-18 22:45 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-05 15:13 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-07-04 13:20 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-04 13:20 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-04 13:19 . 2008-07-04 13:19 <DIR> d-------- C:\Program Files\Sony
2008-07-02 14:46 . 2008-07-02 14:46 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-02 14:40 . 2008-07-25 13:49 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-06-30 22:05 . 2008-07-01 19:41 <DIR> d-------- C:\Documents and Settings\Przemek\Dane aplikacji\Nowe Gadu-Gadu
2008-06-27 13:01 . 2008-06-27 13:01 <DIR> d-------- C:\Program Files\Lavalys
2008-06-27 11:50 . 2008-06-27 11:50 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 12:59 . 2008-06-25 12:59 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 18:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-25 18:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 16:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-25 15:52 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\teamspeak2
2008-07-25 15:51 --------- d-----w C:\Program Files\Steam
2008-07-24 09:07 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-07-08 12:50 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Skype
2008-07-08 12:19 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\skypePM
2008-07-05 12:53 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-05 10:54 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Creative
2008-07-05 10:43 --------- d-----w C:\Program Files\Creative
2008-07-05 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 09:00 --------- d-----w C:\Program Files\eMule
2008-07-02 11:25 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\uTorrent
2008-07-02 08:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-24 08:36 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\U3
2008-06-21 06:33 --------- d-----w C:\Program Files\IrfanView
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:50 --------- d-----w C:\Program Files\Futuremark
2008-06-19 09:55 --------- d-----w C:\Program Files\Motherboard Monitor 5
2008-06-19 09:03 --------- d-----w C:\Program Files\AVerTV
2008-06-18 11:05 --------- d-----w C:\Program Files\uTorrent
2008-06-18 07:50 --------- d-----w C:\Program Files\Real Alternative
2008-06-18 07:50 --------- d-----w C:\Program Files\Media Player Classic
2008-06-18 07:50 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Media Player Classic
2008-06-18 07:45 --------- d-----w C:\Program Files\MarBit
2008-06-18 05:49 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-18 05:48 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-18 05:45 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-18 05:45 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\DAEMON Tools
2008-06-17 16:08 --------- d-----w C:\Program Files\Magic Video Converter
2008-06-17 15:47 81,920 ----a-w C:\Documents and Settings\Przemek\Dane aplikacji\ezpinst.exe
2008-06-17 15:47 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-17 15:47 47,360 ----a-w C:\Documents and Settings\Przemek\Dane aplikacji\pcouffin.sys
2008-06-17 15:47 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Vso
2008-06-16 05:03 --------- d-----w C:\Program Files\TechniSat DVB
2008-06-16 05:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Technisat
2008-06-16 05:02 --------- d-----w C:\Program Files\MainConcept
2008-06-16 04:57 462,224 ----a-w C:\WINDOWS\system32\drivers\SkyNetBDA.sys
2008-06-16 04:57 418,832 ----a-w C:\WINDOWS\system32\drivers\SkyNET.sys
2008-06-16 04:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-16 04:38 --------- d-----w C:\Program Files\RivaTuner v2.09
2008-06-15 18:53 --------- d-----w C:\Program Files\irPC
2008-06-15 18:53 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Elmak
2008-06-15 14:48 22,328 ----a-w C:\Documents and Settings\Przemek\Dane aplikacji\PnkBstrK.sys
2008-06-15 13:02 --------- d-----w C:\Program Files\Skype
2008-06-15 13:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-15 13:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-15 10:22 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-15 08:22 --------- d-----w C:\Program Files\SAGEM
2008-06-15 07:51 --------- d-----w C:\Program Files\Intel
2008-06-15 07:49 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\InstallShield
2008-06-15 07:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-15 07:48 --------- d-----w C:\Program Files\Realtek
2008-06-15 07:47 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-06-15 07:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-15 07:41 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-15 07:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-15 07:40 --------- d-----w C:\Program Files\Usługi online
2008-06-15 07:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-15 07:09 --------- d-----w C:\Program Files\ToniArts
2008-06-15 06:55 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Gadu-Gadu
2008-06-15 06:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-15 06:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-15 06:46 --------- d-----w C:\Program Files\Winamp
2008-06-15 06:46 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Winamp
2008-06-15 06:45 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-15 06:45 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-15 06:45 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-15 06:45 --------- d-----w C:\Program Files\Symantec
2008-06-15 06:38 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-15 06:38 --------- d-----w C:\Program Files\Ahead
2008-06-15 06:30 --------- d--h--w C:\Program Files\Creative Installation Information
2008-06-15 06:29 --------- d-----w C:\Program Files\Common Files\Creative
2008-06-15 06:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-15 06:17 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Symantec
2008-06-15 06:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-15 06:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-15 06:11 --------- d-----w C:\Program Files\Common Files\TV
2008-06-15 06:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 09:44 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 09:44 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 09:44 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 09:43 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 09:43 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 09:43 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 09:43 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 09:43 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 09:43 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 09:43 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{855CF1AA-011B-4357-B5FF-79E1097F5E18}]
2008-07-25 21:44 323584 --a------ C:\WINDOWS\system32\rqRljJCT.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:09 486856]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 12:58 8798816]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 14:20 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2002-08-15 14:56 886272]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 01:23 714608]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 22:55 2707456]
"58a815a5"="C:\WINDOWS\system32\ivydthyb.dll" [2008-07-25 21:45 94848]
"HakerzyNET MAV"="C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_MAV.exe" [2008-07-25 21:57 829952]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 12:38 16380416 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
C:\Documents and Settings\Przemek\Menu Start\Programy\Autostart\
irPC.lnk - C:\Program Files\irPC\irPC.exe [2005-12-30 11:45:02 107520]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-08-30 20:04:30 405504]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-06-16 09:33:01 338448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"F:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"F:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 CX88XBAR;AVerMedia, AVerTV Crossbar (88x);C:\WINDOWS\system32\drivers\CX88XBAR.sys [2005-12-09 14:16]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 19:46]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-16 09:27]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);C:\WINDOWS\system32\DRIVERS\SkyNetBDA.sys [2008-06-16 09:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce9fdb6-4100-11dd-bbd4-00d0d70ec3d1}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89ae3ef-3abc-11dd-a5db-806d6172696f}]
\Shell\AutoRun\command - G:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e553dfb2-4cf8-11dd-bbf8-001d7d9f1ecc}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-21 19:08:45 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Przemek.job"
O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [lphcngaj0egac] C:\WINDOWS\system32\lphcngaj0egac.exe
O4 - HKLM\..\Run: [SMrhcjgaj0egac] C:\Program Files\rhcjgaj0egac\rhcjgaj0egac.exe
O4 - HKLM\..\Run: [58a815a5] rundll32.exe "C:\WINDOWS\system32\ketseone.dll",b
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O21 - SSODL: eqvwamkl - {B04E4AF3-3AEB-4842-8868-B1B11CBC7D8A} - C:\WINDOWS\eqvwamkl.dll (file missing)
O21 - SSODL: wnslvxtf - {DC712639-5EA9-4156-971B-1B529CA0B7B5} - C:\WINDOWS\wnslvxtf.dll (file missing)
File::
C:\WINDOWS\system32\byhtdyvi.ini
C:\WINDOWS\system32\ivydthyb.dll
C:\WINDOWS\system32\rqRljJCT.dll
C:\WINDOWS\grswptdl.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce9fdb6-4100-11dd-bbd4-00d0d70ec3d1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89ae3ef-3abc-11dd-a5db-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e553dfb2-4cf8-11dd-bbf8-001d7d9f1ecc}]
FILE::
C:\WINDOWS\system32\ivydthyb.dll
C:\WINDOWS\system32\rqRljJCT.dll
C:\WINDOWS\grswptdl.exe
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce9fdb6-4100-11dd-bbd4-00d0d70ec3d1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89ae3ef-3abc-11dd-a5db-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e553dfb2-4cf8-11dd-bbf8-001d7d9f1ecc}]
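The HijackThis entries the thread tells the user to fix, together with the ComboFix deletions above, follow a few mechanical patterns: load points that HijackThis itself marks "(file missing)", eight-letter lowercase DLL names sitting directly in C:\WINDOWS, a Run entry that launches rundll32.exe on a DLL with a single-character export (ketseone.dll,b), the lphc*/rhc* executable pair, and DLL/INI files whose names are mirror images of each other (byhtdyvi.ini / ivydthyb.dll and rqRljJCT.dll / TCJjlRqr.ini in the ComboFix log). The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or any other tool quoted here; it codifies those patterns as a first-pass triage over a HijackThis log. The sample lines are copied from the logs above and labelled as constructed input; the specific thresholds (eight letters, the lphc/rhc prefixes) are assumptions drawn from this one log, not general signatures.

```python
import re

# Constructed input: lines copied from the HijackThis log posted above, with
# three legitimate Symantec/NVIDIA entries kept as negatives.
SAMPLE_HJT = r"""
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lphcngaj0egac] C:\WINDOWS\system32\lphcngaj0egac.exe
O4 - HKLM\..\Run: [SMrhcjgaj0egac] C:\Program Files\rhcjgaj0egac\rhcjgaj0egac.exe
O4 - HKLM\..\Run: [58a815a5] rundll32.exe "C:\WINDOWS\system32\ketseone.dll",b
O21 - SSODL: eqvwamkl - {B04E4AF3-3AEB-4842-8868-B1B11CBC7D8A} - C:\WINDOWS\eqvwamkl.dll (file missing)
"""

# Constructed input: file names taken from the ComboFix "Other Deletions" and
# "Files Created" sections above, plus three legitimate files as negatives.
SAMPLE_COMBOFIX_NAMES = [
    "byhtdyvi.ini", "ivydthyb.dll", "rqRljJCT.dll", "TCJjlRqr.ini",
    "TCJjlRqr.ini2", "grswptdl.exe", "PROCEXP90.SYS", "nsreg.dat",
]

# Rule 1: HijackThis itself reports load points whose target file is gone.
FILE_MISSING = re.compile(r"\(file missing\)\s*$")
# Rule 2: rundll32 loading a DLL through a one-character export name (",b" above).
RUNDLL_ONE_EXPORT = re.compile(r'rundll32\.exe\s+"?[^"]+\.dll"?,\s*[A-Za-z0-9]\s*$', re.I)
# Rule 3 (assumption drawn from this log): lphc*/rhc* random-suffix executables.
ROGUE_PAIR = re.compile(r"\\(?:lp|r)hc[a-z0-9]{8,}\.exe", re.I)
# Rule 4 (assumption drawn from this log): an eight-lowercase-letter DLL placed
# directly in %WINDIR% rather than in system32 or under Program Files.
RANDOM_DLL_IN_WINDIR = re.compile(r"\\WINDOWS\\[a-z]{8}\.dll\b")

RULES = [
    (FILE_MISSING, "load point references a file that no longer exists"),
    (RUNDLL_ONE_EXPORT, "rundll32 entry with a single-character export"),
    (ROGUE_PAIR, "lphc*/rhc* executable name pattern"),
    (RANDOM_DLL_IN_WINDIR, "eight-letter lowercase DLL directly in %WINDIR%"),
]


def triage(log_text):
    """Map each suspicious HijackThis line to the list of reasons it was flagged."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = [why for rx, why in RULES if rx.search(line)]
        if reasons:
            findings[line] = reasons
    return findings


def reversed_name_pairs(names):
    """Return (stem, mirrored stem) pairs where both spellings occur in `names`."""
    stems = {n.rsplit(".", 1)[0] for n in names}
    pairs = set()
    for stem in stems:
        mirror = stem[::-1]
        if mirror in stems and stem != mirror:
            pairs.add(tuple(sorted((stem, mirror))))
    return sorted(pairs)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT).items():
        print(line)
        for why in reasons:
            print("    ->", why)
    print("mirror-image name pairs:", reversed_name_pairs(SAMPLE_COMBOFIX_NAMES))
```

On the sample input the three Symantec/NVIDIA lines pass clean, the five entries the thread lists for fixing are flagged, and both mirror-image pairs from the ComboFix log are reported. The rules are deliberately narrow and only as good as the log they were derived from; they sort a log for a human, they do not replace the HijackThis fix list or the ComboFix script above.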
********************************************************************************
* *
* FixIEDef Log *
* Version 1.5.2.6023 *
* *
********************************************************************************
Created at 21:30:33 on Friday, July 25, 2008
Time Zone :
Logged On User : Przemek
Operating System : Microsoft Windows XP Professional Dodatek Service Pack 3
OS Version : 5.1.2600
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
Total Physical Memory : 2095532 KB
Free Physical Memory : 1611620 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2013784 KB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!
[b]SDFix: Version 1.208 [/b]
Run by Przemek on 2008-07-25 at 21:38
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\Przemek\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
Folder C:\Documents and Settings\Przemek\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 21:42:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:56,6e,43,73,42,f6,8a,90,f2,62,0b,ef,e8,2c,48,ce,80,1f,2d,93,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c2,cb,14,8d,fa,15,f8,8d,de,21,b3,f6,e2,0f,bc,6d,74,..
"khjeh"=hex:71,a9,d2,bf,b6,f0,d4,e2,6f,2b,d3,bd,52,bf,8c,d2,b7,11,98,ea,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f2,88,dd,07,16,d9,91,c1,00,83,3d,03,9a,f8,42,d2,f0,4c,f1,aa,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:56,6e,43,73,42,f6,8a,90,f2,62,0b,ef,e8,2c,48,ce,80,1f,2d,93,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c2,cb,14,8d,fa,15,f8,8d,de,21,b3,f6,e2,0f,bc,6d,74,..
"khjeh"=hex:71,a9,d2,bf,b6,f0,d4,e2,6f,2b,d3,bd,52,bf,8c,d2,b7,11,98,ea,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f2,88,dd,07,16,d9,91,c1,00,83,3d,03,9a,f8,42,d2,f0,4c,f1,aa,45,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"F:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="F:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"F:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Przemek\Dane aplikacji\U3\temp\Launchpad Removal.exe"
Mon 9 Feb 1998 29,952 A..H. --- "C:\Documents and Settings\Przemek\Moje dokumenty\TVSAT2\TVSAT2\borlndmm.dll"
Mon 9 Feb 1998 996,872 A..H. --- "C:\Documents and Settings\Przemek\Moje dokumenty\TVSAT2\TVSAT2\cp3240mt.dll"
[b]Finished![/b]
flisek94 wrote: OK, done. Apart from that, is everything OK?
flisek94 wrote: Apart from that, is everything OK?