Ostatnimi czasy bardzo zwolnił mi internet...
Gry sieciowe czy oglądanie TV jest kłopotliwe, nie wiem czym to jest spowodowane ale na pewno nie wirusami
Z góry dziękuje za jakąkolwiek pomoc...
Mam Neostradę 1,3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:09, on 2008-10-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F683BDC5-992F-403D-8879-23AF3C6CD117}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 6077 bytes
O4 - HKLM\..\Run: [GEST] =
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
arcziQ napisał(a):Ok Combofixa uruchomić "normalnie" czy w trybie awaryjnym ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:45, on 2008-10-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F683BDC5-992F-403D-8879-23AF3C6CD117}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5964 bytes
ComboFix 08-10-24.02 - jeden 2008-10-26 15:22:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1572 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\jeden\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nvsvc32.exe -------> A to czasami nie sterownik od Nvdii ??
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-26 12:36 . 2008-10-26 12:36 <DIR> d-------- C:\Program Files\CCleaner
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- C:\Program Files\VstPlugins
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-10-25 18:46 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-10-25 18:45 . 2008-10-25 18:45 <DIR> d-------- C:\Program Files\Outsim
2008-10-25 18:45 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-10-25 18:43 . 2008-10-25 18:46 <DIR> d-------- C:\Program Files\Image-Line
2008-10-25 13:05 . 2008-10-25 13:05 <DIR> d-------- C:\Buziol Games
2008-10-24 19:32 . 2008-10-24 19:32 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\ESET
2008-10-24 19:31 . 2008-10-24 19:31 <DIR> d-------- C:\Program Files\ESET
2008-10-24 19:31 . 2008-10-24 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-10-22 20:37 . 2008-10-22 20:37 <DIR> d-------- C:\Program Files\K-Meleon
2008-10-22 20:37 . 2008-10-22 20:38 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\K-Meleon
2008-10-22 16:47 . 2008-10-22 16:47 <DIR> d-------- C:\Program Files\Ashampoo
2008-10-22 16:47 . 2008-10-22 16:47 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\Ashampoo
2008-10-22 16:47 . 2008-10-22 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-10-12 16:22 . 2008-10-13 16:27 <DIR> d-------- C:\Program Files\mIRC
2008-10-12 16:22 . 2008-10-13 16:28 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\mIRC
2008-10-10 19:01 . 2008-10-10 19:01 <DIR> d-------- C:\dupa
2008-10-08 17:41 . 2008-10-08 17:41 319 --a------ C:\WINDOWS\game.ini
2008-10-05 09:45 . 2008-10-05 09:45 <DIR> d-------- C:\Program Files\Thomson
2008-10-05 09:44 . 2008-10-26 15:22 <DIR> d-------- C:\Program Files\Neostrada TP
2008-10-03 08:24 . 2008-10-03 08:24 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\Leadertech
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 13:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-08 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 08:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 11:38 --------- d-----w C:\Program Files\Ares
2008-09-20 10:57 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-20 10:57 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-19 22:11 --------- d-----w C:\Program Files\BitComet
2008-09-18 14:13 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\SiteAdvisor
2008-09-18 12:19 --------- d-----w C:\Program Files\Trend Micro
2008-09-16 13:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-16 13:57 --------- d--h--r C:\Documents and Settings\jeden\Dane aplikacji\SecuROM
2008-09-16 13:56 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-16 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-16 13:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-16 13:56 22,328 ----a-w C:\Documents and Settings\jeden\Dane aplikacji\PnkBstrK.sys
2008-09-16 13:56 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-16 13:44 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-16 13:42 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-16 13:42 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\DAEMON Tools
2008-09-13 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-13 12:30 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\Teleca
2008-09-13 12:27 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-09-13 12:27 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-09-12 21:31 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\Gadu-Gadu
2008-09-12 21:18 --------- d-----w C:\Program Files\Google
2008-09-12 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2008-09-12 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-09-11 18:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 06:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-11 06:41 --------- d-----w C:\Program Files\Opera
2008-09-11 06:03 --------- d-----w C:\Program Files\Java
2008-09-11 06:02 --------- d-----w C:\Program Files\Common Files\Java
2008-09-11 06:00 --------- d-----w C:\Program Files\Alwil Software
2008-09-11 05:47 --------- d-----w C:\Program Files\EXPERTool
2008-09-11 05:41 --------- d-----w C:\Program Files\Realtek
2008-09-11 05:41 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\InstallShield
2008-09-11 05:40 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-09-11 05:38 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-11 05:35 --------- d-----w C:\Program Files\Intel
2008-09-10 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-10 13:00 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"GAINWARD"="C:\Program Files\EXPERTool\TBPanel.exe" [2008-07-03 2177576]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"E:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15878:TCP"= 15878:TCP:BitComet 15878 TCP
"15878:UDP"= 15878:UDP:BitComet 15878 UDP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fe7dea6-818f-11dd-9f87-000e50e250bd}]
\Shell\AutoRun\command - setup.exe
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\jeden\Dane aplikacji\Mozilla\Firefox\Profiles\f1dr8ais.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 15:23:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-26 15:24:16
ComboFix-quarantined-files.txt 2008-10-26 14:24:13
Przed: 36 824 322 048 bajtów wolnych
Po: 36,831,985,664 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
154
arcziQ napisał(a):HijackThis (nic jeszcze nie usuwałem
FILE::
C:\WINDOWS\system32\rewire.dll
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fe7dea6-818f-11dd-9f87-000e50e250bd}]
C:\dupa
wklej do notatnika
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fe7dea6-818f-11dd-9f87-000e50e250bd}]
zapisz jako fix.reg
C:\dupa
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:21, on 2008-10-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F683BDC5-992F-403D-8879-23AF3C6CD117}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5077 bytes
ComboFix 08-10-24.02 - jeden 2008-10-26 18:10:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1584 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\jeden\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\jeden\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active
FILE ::
C:\WINDOWS\system32\rewire.dll
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\rewire.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-26 12:36 . 2008-10-26 12:36 <DIR> d-------- C:\Program Files\CCleaner
2008-10-25 18:46 . 2008-10-26 17:49 <DIR> d-------- C:\Program Files\VstPlugins
2008-10-25 18:45 . 2008-10-25 18:45 <DIR> d-------- C:\Program Files\Outsim
2008-10-25 18:45 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-10-25 18:43 . 2008-10-26 17:49 <DIR> d-------- C:\Program Files\Image-Line
2008-10-25 13:05 . 2008-10-25 13:05 <DIR> d-------- C:\Buziol Games
2008-10-24 19:32 . 2008-10-24 19:32 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\ESET
2008-10-24 19:31 . 2008-10-24 19:31 <DIR> d-------- C:\Program Files\ESET
2008-10-24 19:31 . 2008-10-24 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-10-22 20:37 . 2008-10-22 20:37 <DIR> d-------- C:\Program Files\K-Meleon
2008-10-22 20:37 . 2008-10-22 20:38 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\K-Meleon
2008-10-22 16:47 . 2008-10-22 16:47 <DIR> d-------- C:\Program Files\Ashampoo
2008-10-22 16:47 . 2008-10-22 16:47 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\Ashampoo
2008-10-22 16:47 . 2008-10-22 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-10-12 16:22 . 2008-10-13 16:27 <DIR> d-------- C:\Program Files\mIRC
2008-10-12 16:22 . 2008-10-13 16:28 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\mIRC
2008-10-08 17:41 . 2008-10-08 17:41 319 --a------ C:\WINDOWS\game.ini
2008-10-05 09:45 . 2008-10-05 09:45 <DIR> d-------- C:\Program Files\Thomson
2008-10-05 09:44 . 2008-10-26 18:09 <DIR> d-------- C:\Program Files\Neostrada TP
2008-10-03 08:24 . 2008-10-03 08:24 <DIR> d-------- C:\Documents and Settings\jeden\Dane aplikacji\Leadertech
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:01 --------- d-----w C:\Program Files\BitComet
2008-10-13 13:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-08 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 08:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 11:38 --------- d-----w C:\Program Files\Ares
2008-09-20 10:57 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-20 10:57 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-18 14:13 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\SiteAdvisor
2008-09-18 12:19 --------- d-----w C:\Program Files\Trend Micro
2008-09-16 13:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-16 13:57 --------- d--h--r C:\Documents and Settings\jeden\Dane aplikacji\SecuROM
2008-09-16 13:56 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-16 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-16 13:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-16 13:56 22,328 ----a-w C:\Documents and Settings\jeden\Dane aplikacji\PnkBstrK.sys
2008-09-16 13:56 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-16 13:44 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-16 13:42 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-16 13:42 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\DAEMON Tools
2008-09-13 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-13 12:30 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\Teleca
2008-09-13 12:27 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-09-13 12:27 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-09-12 21:31 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\Gadu-Gadu
2008-09-12 21:18 --------- d-----w C:\Program Files\Google
2008-09-12 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2008-09-12 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-09-11 18:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 06:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-11 06:41 --------- d-----w C:\Program Files\Opera
2008-09-11 06:03 --------- d-----w C:\Program Files\Java
2008-09-11 06:02 --------- d-----w C:\Program Files\Common Files\Java
2008-09-11 06:00 --------- d-----w C:\Program Files\Alwil Software
2008-09-11 05:47 --------- d-----w C:\Program Files\EXPERTool
2008-09-11 05:41 --------- d-----w C:\Program Files\Realtek
2008-09-11 05:41 --------- d-----w C:\Documents and Settings\jeden\Dane aplikacji\InstallShield
2008-09-11 05:40 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-09-11 05:38 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-11 05:35 --------- d-----w C:\Program Files\Intel
2008-09-10 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-10 13:00 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-10-26_15.23.59,55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 07:45:43 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 15:49:04 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-26 07:45:43 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-10-26 15:49:04 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-10-26 07:45:43 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 15:49:04 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-26 07:45:43 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-10-26 15:49:04 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"GAINWARD"="C:\Program Files\EXPERTool\TBPanel.exe" [2008-07-03 2177576]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"E:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15878:TCP"= 15878:TCP:BitComet 15878 TCP
"15878:UDP"= 15878:UDP:BitComet 15878 UDP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fe7dea6-818f-11dd-9f87-000e50e250bd}]
\Shell\AutoRun\command - setup.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 18:11:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-26 18:11:41
ComboFix-quarantined-files.txt 2008-10-26 17:11:38
ComboFix2.txt 2008-10-26 14:24:17
Przed: 37 031 161 856 bajtów wolnych
Po: 37,020,622,848 bajtów wolnych
151
arcziQ napisał(a):PS. utworzyłem plik fix.reg na pulpicie i wprowadzilem informacje do rejestru... Czy mogę już bezpiecznie usunąć ten plik ??
Magik napisał(a):arcziQ napisał(a):PS. utworzyłem plik fix.reg na pulpicie i wprowadzilem informacje do rejestru... Czy mogę już bezpiecznie usunąć ten plik ??
tak
HJT czysty
nie wiem czy ten fix zrobiles przed czy po zrobieniu loga z combofix'a bo ten wpis nadal jest.
to wszystko z mej strony
O4 - HKLM\..\Run: [GEST] =
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
arcziQ napisał(a):Czy to nie czasami wpis od Gigabyte ?
arcziQ napisał(a):Usunięty wcześniej przez ComboFixa, czy ten wpis jest potrzebny ?
arcziQ napisał(a):Czy mogą być jakieś problemy ??
arcziQ napisał(a):Aktualizacje automatyczne,
arcziQ napisał(a):Zapora Systemu
arcziQ napisał(a):Centrum Zabezpieczeń
arcziQ napisał(a):Mam dwurdzeniowy procesor, po starcie systemu obciążenie wynosi 80-85 %,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:31, on 2008-11-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F683BDC5-992F-403D-8879-23AF3C6CD117}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 5848 bytes
F-Secure 8.0.14332.0 2008.11.09 Suspicious:W32/Hidd.k!Gemini
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 3 gości