Aktualizacje na programosy.pl:
WinTools.net Professional • n-Track Studio • emSzmal • Slack • NetWorx Portable • NetWorx • K7 UltimateSecurity • K7 AntiVirus Premium • AB Commander
-
- Ogłoszenie:
log
22 posty(ów) • Strona 1 z 2 • 1, 2
log
przez agunia79 13 Kwi 2008, 22:15
Ostatnio edytowany przez agunia79 14 Kwi 2008, 19:25, edytowano w sumie 4 razy
przez Uszol 13 Kwi 2008, 22:17
zrób screena co wyskauje, albo wiecej inforamcji, bo jak ja wyłonczam kompa to mi 100 zł z stacji dyskietek wyskakuje i tez nigdy nie wiem czy brac hehe 
napiusz nazwy tych plików..bo moze to zwykły wirus
[ Dodano: Dzisiaj o 21:19 ]
o juz jest info, nie zauważyłem bo edytowałem posta..
napiusz nazwy tych plików..bo moze to zwykły wirus [ Dodano: Dzisiaj o 21:19 ]
o juz jest info, nie zauważyłem bo edytowałem posta..
nigdy nie mów nigdy...
-
Uszol - ~user
- Posty: 110
- Dołączenie: 23 Mar 2008, 10:07
- Miejscowość: ja to mam wiedziec?^^
- Pochwały: 1
przez wojtas 13 Kwi 2008, 22:20
Wykonaj to co jest podane w tym temacie
zastosuj:
smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)
Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje
Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka
zastosuj:
smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)
Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje
Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
przez agunia79 13 Kwi 2008, 22:58
chyba nic z tego nie będzie,wyskakuje mi komunikat ze nie może odnależć określonej ścieżki,a potem że nie może otworzyć,nie wiem co dalej,boję się że zaraz coś nawciskam i w ogóle zepsuje.
[ Dodano: Dzisiaj o 20:58 ]
[ Dodano: Dzisiaj o 20:58 ]
przez wojtas 13 Kwi 2008, 22:59
to sciagnij combofixa na dyski i go odpal i czekaj na loga i go podaj na forum
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
-
przez agunia79 13 Kwi 2008, 23:07
mogę dać log z combofixa i z hijacka czy to może byc?
ComboFix 08-04-13.1 - user 2008-04-13 23:01:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.102 [GMT 2:00]
ComboFix 08-04-13.1 - user 2008-04-13 23:01:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.102 [GMT 2:00]
- Kod: Zaznacz wszystko
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000020_.tmp.dll
D:\Autorun.inf
F:\Autorun.inf
I:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-13 22:52 . 2008-04-13 22:52 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-13 22:48 . 2008-04-13 22:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Ulubione
2008-04-13 22:44 . 2008-01-18 11:44 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Szablony
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Pulpit
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-13 22:37 . 2008-04-13 22:37 <DIR> d----c--- C:\SDFix
2008-04-13 22:32 . 2008-04-13 22:32 996 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 22:31 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-13 22:31 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 22:31 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-13 22:31 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-13 22:31 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-13 22:31 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-13 22:31 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 21:46 . 2008-04-13 21:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 13:04 . 2008-04-13 13:04 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-13 13:02 . 2008-04-13 13:28 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-04-13 13:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-13 11:05 . 2007-10-25 18:57 8,483,328 --------- C:\WINDOWS\system32\SET22F.tmp
2008-04-13 10:52 . 2007-04-18 18:14 2,854,400 --a------ C:\WINDOWS\system32\SET143.tmp
2008-04-13 10:27 . 2007-07-09 15:11 584,192 --a------ C:\WINDOWS\system32\SET1D3.tmp
2008-04-13 10:27 . 2007-07-09 15:11 584,192 --a--c--- C:\WINDOWS\system32\dllcache\SET1D4.tmp
2008-04-13 00:36 . 2008-04-13 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-13 00:36 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-12 18:46 . 2008-04-12 18:46 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
2008-04-12 00:20 . 2008-04-12 01:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 00:20 . 2008-04-12 01:16 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\Lavasoft
2008-04-11 12:07 . 2008-04-11 12:07 50,180 --a------ C:\WINDOWS\ePLUS 3.1.1 Gadu-Gadu Uninstaller.exe
2008-04-10 23:04 . 2008-04-10 23:04 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 10:05 . 2007-04-20 10:40 100,992 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-04-10 10:05 . 2007-04-20 10:40 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-04-10 00:55 . 2008-04-10 00:55 <DIR> d----c--- C:\Documents and Settings\LocalService\Menu Start
2008-04-10 00:15 . 2008-04-10 00:29 <DIR> d----c--- C:\Documents and Settings\user\Gadu-Gadu
2008-04-10 00:14 . 2008-04-13 21:42 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-09 01:04 . 2008-04-13 19:09 <DIR> d-a--c--- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-09 01:04 . 2008-04-09 01:04 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
2008-04-08 23:01 . 2008-04-08 23:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 22:55 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-08 22:55 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-08 22:54 . 2008-04-08 22:54 <DIR> d-------- C:\Program Files\Huawei technologies
2008-04-08 13:14 . 2008-04-13 14:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-08 13:12 . 2008-04-13 19:14 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-24 19:56 . 2008-03-24 19:56 <DIR> d----c--- C:\Documents and Settings\Agnieszka\Moje dokumenty
2008-03-24 18:50 . 2008-03-24 18:50 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\FastStone
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 20:52 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\OpenOffice.ux.pl2
2008-04-10 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 13:30 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-03-20 12:25 --------- d-----w C:\Program Files\Zoom Player
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 20:56 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-03-08 20:50 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-04 11:29 --------- d-----w C:\Program Files\Winamp
2008-03-04 11:12 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\Ahead
2008-02-24 14:44 --------- d-----w C:\Program Files\Object Desktop
2008-02-24 14:44 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-20 17:30 --------- d-----w C:\Program Files\Activision
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET71.tmp
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\SET3F.tmp
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\SET40.tmp
2008-02-17 14:38 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\GRETECH
2008-02-17 14:38 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-02-17 14:36 --------- d-----w C:\Program Files\GRETECH
2008-02-17 14:34 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-17 14:33 --------- d-----w C:\Program Files\AVSMedia
2008-02-17 14:32 --------- d-----w C:\Program Files\MarBit
2008-02-16 22:35 3,080,704 ----a-w C:\WINDOWS\system32\SET14F.tmp
2008-02-16 19:36 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\Nokia Multimedia Player
2008-02-16 17:30 --------- d-----w C:\Program Files\Total Video Converter
2008-02-16 14:10 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\SET147.tmp
2008-02-16 09:05 616,960 ----a-w C:\WINDOWS\system32\SET148.tmp
2008-02-16 09:05 474,112 ------w C:\WINDOWS\system32\SET149.tmp
2008-02-16 09:05 1,494,528 ----a-w C:\WINDOWS\system32\SET14A.tmp
2008-02-16 09:05 1,023,488 ----a-w C:\WINDOWS\system32\SET157.tmp
2008-02-15 23:03 369,152 ------w C:\WINDOWS\system32\SET159.tmp
2008-01-26 14:27 3,668,572 -c--a-w C:\pity2007ngsetup_gp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-13 13:04 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-13 13:04 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 22:35 1961984]
"HuaWeiEVDO.exe"="C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe" [2007-05-29 14:43 917504]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 18:44 303104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
C:\Documents and Settings\user\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.0.1.lnk - C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe [2006-01-04 00:50:50 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
R3 NtApm;Sterownik interfejsu NT Apm/Legacy;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-26 18:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{780ddfa0-0679-11dd-aceb-00d0b75309dc}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9beed110-06d4-11dd-aced-00d0b75309dc}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deec60d0-05ad-11dd-ace6-00d0b75309dc}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deec60d2-05ad-11dd-ace6-00d0b75309dc}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 16:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:04:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-13 23:05:32
ComboFix-quarantined-files.txt 2008-04-13 21:05:11
Pre-Run: 10,882,691,072 bajtów wolnych
Post-Run: 10,872,410,112 bajtów wolnych
.
2008-04-13 19:29:22 --- E O F ---
przez wojtas 13 Kwi 2008, 23:13
C:\Program Files\Essentials Codec Pack
znasz to??
agunia79 napisał(a):komputer wyskakuje mi info.ze znaleziono podejrzane obiekty
pokaz screena
naciskasz print screen na klawiaturze(obok scroll lock'a) otwierasz painta i ctrl+v. zapisujesz najlepiej pod rozszerzeniem png lub jpeg i wrzucasz na www.up.programosy.pl . bierzesz linki z opcji miniaturka na forum
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
-
przez agunia79 13 Kwi 2008, 23:26
a czy mogę pop rostu skasować Essentials Codec Pack? bo nie bardzo wiem co mam tam zrobić,mam tą zawartość która tam jest wysłać tam?
[ Dodano: Dzisiaj o 21:53 ]
dobra,nie zawracajcie sobie głowy,jak się podszkolę i będę miała problem to się odezwę.
[ Dodano: Dzisiaj o 11:31 ]
[ Dodano: Dzisiaj o 11:32 ]
czy to coś da?
[ Dodano: Dzisiaj o 11:37 ]
[ Dodano: Dzisiaj o 11:44 ]
mam pytanie,czy przy usuwaniu szkodników należy je wypuścić z kwarantanny,czy zostawić tak jak są?
[ Dodano: Dzisiaj o 13:13 ]
dziwne,tyle osób to ogląda a nikt nie odpisuje,nie wszyscy tu się tak znają doskonale na wszystkim jak wy.
[ Dodano: Dzisiaj o 21:53 ]
dobra,nie zawracajcie sobie głowy,jak się podszkolę i będę miała problem to się odezwę.
[ Dodano: Dzisiaj o 11:31 ]
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"HuaWeiEVDO.exe" = ""C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"" ["Huawei Technologies Co., Ltd."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"Media Codec Update Service" = "C:\Program Files\Essentials Codec Pack\update.exe -silent" [file not found]
"ISTray" = ""C:\Program Files\Spyware Doctor\pctsTray.exe"" ["PC Tools"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "ZoneAlarm Spy Blocker BHO"
-> {HKLM...CLSID} = "ZoneAlarm Spy Blocker BHO"
\InProcServer32\(Default) = "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
[ Dodano: Dzisiaj o 11:32 ]
czy to coś da?
[ Dodano: Dzisiaj o 11:37 ]
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:34, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4607 bytes
[ Dodano: Dzisiaj o 11:44 ]
mam pytanie,czy przy usuwaniu szkodników należy je wypuścić z kwarantanny,czy zostawić tak jak są?
[ Dodano: Dzisiaj o 13:13 ]
dziwne,tyle osób to ogląda a nikt nie odpisuje,nie wszyscy tu się tak znają doskonale na wszystkim jak wy.
przez wojtas 14 Kwi 2008, 15:48
widze ze nie zrozumiałaś pytania... jesli nie znasz tego to odinstaluj w dodaj usun programy lub/i wywal folder
i daj nowy log z hijacka i combofixa po operacjach
C:\Program Files\Essentials Codec Pack
i daj nowy log z hijacka i combofixa po operacjach
-
wojtas - *mod
- Posty: 18165
- Dołączenie: 13 Sty 2006, 16:00
- Miejscowość: Krzeszyce
- Pochwały: 1656
-
przez agunia79 14 Kwi 2008, 15:52
ok 
[ Dodano: Dzisiaj o 13:54 ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
[code]
[ Dodano: Dzisiaj o 13:54 ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
[code]
przez Okocza 14 Kwi 2008, 15:54
wstaw log w tagi code lub quote
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
przez agunia79 14 Kwi 2008, 15:56
weszłam w start,programy,unistal ten szajs,i wyskoczył komunikat brak skrótu uninst.exe
[ Dodano: Dzisiaj o 14:00 ]
[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
[code][/code][code][/code]
[ Dodano: Dzisiaj o 14:00 ]
[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
[code][/code][code][/code]
przez Okocza 14 Kwi 2008, 16:00
wejdź w
- Kod: Zaznacz wszystko
C:\Program Files\Essentials Codec Pack
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
przez agunia79 14 Kwi 2008, 16:02
[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
[ Dodano: Dzisiaj o 14:05 ]
przepraszam za utrudnienia
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
- Kod: Zaznacz wszystko
- Kod: Zaznacz wszystko
[/quote]
[size=75][ [i][b][color=#B50158]Dodano:[/b] Dzisiaj o 14:03[/i] ][/size] [/color]
[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:27, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D4E35-2C8C-4524-944C-3A9F5FFF930D}: NameServer = 213.158.194.1 213.158.193.38
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4181 bytes
[ Dodano: Dzisiaj o 14:05 ]
przepraszam za utrudnienia
przez Okocza 14 Kwi 2008, 16:06
wojtas napisał(a):daj nowy log z combofixa
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
przez Okocza 14 Kwi 2008, 16:58
wyłącz antywirusa i daj loga z combofixa
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
przez agunia79 14 Kwi 2008, 19:26
- Kod: Zaznacz wszystko
ComboFix 08-04-13.1 - user 2008-04-14 19:08:51.2 - NTFSx86
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-14 13:06 . 2008-04-14 13:06 <DIR> d----c--- C:\Deckard
2008-04-14 00:08 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-14 00:08 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-14 00:08 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-14 00:08 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-14 00:07 . 2008-04-14 19:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-14 00:07 . 2008-04-14 00:07 <DIR> d-------- C:\Program Files\Google
2008-04-14 00:07 . 2008-04-14 00:07 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\PC Tools
2008-04-13 23:49 . 2008-04-13 23:49 <DIR> d---sc--- C:\Documents and Settings\user\UserData
2008-04-13 22:48 . 2008-04-13 22:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 22:44 . 2008-04-13 23:05 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Ulubione
2008-04-13 22:44 . 2008-01-18 11:44 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Szablony
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Pulpit
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start
2008-04-13 22:44 . 2008-01-18 12:31 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-13 22:37 . 2008-04-13 22:37 <DIR> d----c--- C:\SDFix
2008-04-13 22:32 . 2008-04-13 22:32 996 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 22:31 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-13 22:31 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 22:31 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-13 22:31 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-13 22:31 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-13 22:31 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-13 22:31 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 21:46 . 2008-04-13 21:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 13:02 . 2008-04-13 13:28 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-04-13 13:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-13 11:05 . 2007-10-25 18:57 8,483,328 --------- C:\WINDOWS\system32\SET22F.tmp
2008-04-13 10:52 . 2007-04-18 18:14 2,854,400 --a------ C:\WINDOWS\system32\SET143.tmp
2008-04-13 10:27 . 2007-07-09 15:11 584,192 --a------ C:\WINDOWS\system32\SET1D3.tmp
2008-04-13 10:27 . 2007-07-09 15:11 584,192 --a--c--- C:\WINDOWS\system32\dllcache\SET1D4.tmp
2008-04-13 00:36 . 2008-04-13 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-13 00:36 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-12 18:46 . 2008-04-12 18:46 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
2008-04-12 00:20 . 2008-04-12 01:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 00:20 . 2008-04-12 01:16 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\Lavasoft
2008-04-11 12:07 . 2008-04-11 12:07 50,180 --a------ C:\WINDOWS\ePLUS 3.1.1 Gadu-Gadu Uninstaller.exe
2008-04-10 23:04 . 2008-04-10 23:04 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 10:05 . 2007-04-20 10:40 100,992 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-04-10 10:05 . 2007-04-20 10:40 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-04-10 00:55 . 2008-04-10 00:55 <DIR> d----c--- C:\Documents and Settings\LocalService\Menu Start
2008-04-10 00:15 . 2008-04-10 00:29 <DIR> d----c--- C:\Documents and Settings\user\Gadu-Gadu
2008-04-10 00:14 . 2008-04-13 21:42 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-09 01:04 . 2008-04-14 19:14 <DIR> d-a--c--- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-09 01:04 . 2008-04-09 01:04 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
2008-04-08 23:01 . 2008-04-08 23:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 22:55 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-08 22:55 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-08 22:54 . 2008-04-08 22:54 <DIR> d-------- C:\Program Files\Huawei technologies
2008-04-08 13:14 . 2008-04-13 14:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-08 13:12 . 2008-04-13 19:14 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-24 19:56 . 2008-03-24 19:56 <DIR> d----c--- C:\Documents and Settings\Agnieszka\Moje dokumenty
2008-03-24 18:50 . 2008-03-24 18:50 <DIR> d----c--- C:\Documents and Settings\user\Dane aplikacji\FastStone
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 17:01 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\OpenOffice.ux.pl2
2008-04-14 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 13:30 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-03-20 12:25 --------- d-----w C:\Program Files\Zoom Player
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 20:50 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-04 11:29 --------- d-----w C:\Program Files\Winamp
2008-03-04 11:12 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\Ahead
2008-02-24 14:44 --------- d-----w C:\Program Files\Object Desktop
2008-02-24 14:44 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-20 17:30 --------- d-----w C:\Program Files\Activision
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET71.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\SET3F.tmp
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\SET40.tmp
2008-02-17 14:38 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\GRETECH
2008-02-17 14:38 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-02-17 14:36 --------- d-----w C:\Program Files\GRETECH
2008-02-17 14:34 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-17 14:33 --------- d-----w C:\Program Files\AVSMedia
2008-02-17 14:32 --------- d-----w C:\Program Files\MarBit
2008-02-16 22:35 3,080,704 ----a-w C:\WINDOWS\system32\SET14F.tmp
2008-02-16 19:36 --------- dc----w C:\Documents and Settings\user\Dane aplikacji\Nokia Multimedia Player
2008-02-16 17:30 --------- d-----w C:\Program Files\Total Video Converter
2008-02-16 14:10 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\SET147.tmp
2008-02-16 09:05 616,960 ----a-w C:\WINDOWS\system32\SET148.tmp
2008-02-16 09:05 474,112 ------w C:\WINDOWS\system32\SET149.tmp
2008-02-16 09:05 1,494,528 ----a-w C:\WINDOWS\system32\SET14A.tmp
2008-02-16 09:05 1,023,488 ----a-w C:\WINDOWS\system32\SET157.tmp
2008-02-15 23:03 369,152 ------w C:\WINDOWS\system32\SET159.tmp
2008-01-26 14:27 3,668,572 -c--a-w C:\pity2007ngsetup_gp.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_23.04.49,79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 20:51:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 17:00:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-03 22:44:20 1,033,728 ------w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:23:49 1,034,752 ------w C:\WINDOWS\explorer.exe
- 2004-08-03 22:43:54 58,880 ------w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:48:14 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-03 22:43:52 100,352 ------w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:59:43 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2004-08-03 22:43:54 1,017,344 ------w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:05:10 1,023,488 ------w C:\WINDOWS\system32\browseui.dll
- 2004-08-03 22:43:54 229,888 ------w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:42:32 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2004-08-03 22:43:54 628,224 ------w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-03 22:43:54 501,248 ------w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-03 22:43:56 62,464 ------w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:42:33 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-03 22:43:56 1,251,840 ------w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:42:34 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-03 22:43:52 100,352 -c----w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:59:43 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-03 22:43:54 58,880 -c----w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:48:14 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2004-08-03 22:54:52 41,088 -c--a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2004-08-03 22:54:52 60,800 -c--a-w C:\WINDOWS\system32\dllcache\arp1394.sys
+ 2001-10-26 18:03:24 262,528 -c--a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2004-08-03 22:54:52 40,704 -c--a-w C:\WINDOWS\system32\dllcache\crusoe.sys
+ 2004-08-03 21:08:20 36,224 -c--a-w C:\WINDOWS\system32\dllcache\hidclass.sys
+ 2004-08-03 21:08:18 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
+ 2004-08-03 22:37:16 40,320 -c--a-w C:\WINDOWS\system32\dllcache\intelppm.sys
+ 2004-08-03 22:54:52 61,824 -c--a-w C:\WINDOWS\system32\dllcache\nic1394.sys
+ 2001-10-26 18:03:24 12,032 -c--a-w C:\WINDOWS\system32\dllcache\nikedrv.sys
+ 2004-08-03 22:54:52 39,552 -c--a-w C:\WINDOWS\system32\dllcache\processr.sys
+ 2001-10-26 18:03:24 12,032 -c--a-w C:\WINDOWS\system32\dllcache\rio8drv.sys
+ 2001-10-26 18:03:24 12,032 -c--a-w C:\WINDOWS\system32\dllcache\riodrv.sys
- 2004-08-03 22:44:10 581,120 -c----w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:11:53 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2004-08-03 20:59:56 11,136 -c--a-w C:\WINDOWS\system32\dllcache\sffdisk.sys
+ 2004-08-03 22:54:52 25,472 -c--a-w C:\WINDOWS\system32\dllcache\sonydcam.sys
- 2004-08-03 21:07:46 223,616 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2001-10-26 18:03:24 21,376 -c--a-w C:\WINDOWS\system32\dllcache\tsbvcap.sys
+ 2001-10-26 18:03:24 23,808 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd.sys
+ 2001-10-26 18:03:24 23,936 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd2.sys
- 2006-06-26 17:45:40 148,480 ------w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:38:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-03 22:43:58 243,200 ------w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:42:34 243,200 ----a-w C:\WINDOWS\system32\es.dll
- 2004-08-03 22:44:02 95,744 ------w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 13:26:53 95,744 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-03 22:44:02 450,560 ------w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:42:55 450,560 ------w C:\WINDOWS\system32\jscript.dll
- 2004-08-03 22:44:02 294,400 ------w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:51:00 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2004-08-03 22:44:02 18,944 ------w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 02:28:38 19,968 ------w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-03 22:44:06 3,003,392 ------w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:35:14 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2005-05-03 11:58:36 2,890,240 ------w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-03 22:44:06 1,236,480 ------w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:10:36 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-03 22:44:06 66,560 ------w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:44:19 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-03 22:44:08 332,288 ------w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:30:06 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-03 22:44:08 198,144 ------w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:36:16 197,632 ----a-w C:\WINDOWS\system32\netman.dll
- 2005-04-28 19:32:51 1,284,608 ------w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
- 2005-04-28 19:32:51 75,264 ------w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:42:36 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2001-10-26 17:29:40 118,272 ------w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:16:22 123,392 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2008-04-13 08:22:25 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-13 22:09:27 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-13 08:22:25 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-04-13 22:09:27 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-04-13 08:22:25 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-13 22:09:27 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-13 08:22:25 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-04-13 22:09:28 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2004-08-03 22:44:10 174,080 ------w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:54:46 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2004-08-03 22:44:10 431,616 ------w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:55:46 433,152 ------w C:\WINDOWS\system32\riched20.dll
- 2004-08-03 22:44:10 581,120 ------w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:53 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2005-04-28 19:32:51 395,776 ------w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:42:36 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-03 22:44:10 1,483,264 ------w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:05:15 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-03 22:44:10 8,412,672 ------w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:22 8,483,328 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-03 22:44:12 473,600 ------w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:05:15 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-03 22:44:12 135,168 ------w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:51:04 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2004-08-03 22:44:28 57,856 ------w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-08-03 22:44:14 714,240 ------w C:\WINDOWS\system32\sxs.dll
+ 2006-10-20 01:39:31 714,240 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-03 22:44:14 246,272 ------w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:29:17 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-03 22:44:14 118,784 ------w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:40:06 123,904 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-03 22:44:14 602,112 ------w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:05:15 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-03-02 18:18:38 578,560 ------w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-03 22:44:14 417,792 ------w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:42:55 417,792 ------w C:\WINDOWS\system32\vbscript.dll
- 2004-08-03 22:44:14 67,584 ------w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:36:30 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2005-03-02 18:18:38 291,840 ------w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2006-10-16 10:41:05 122,368 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 23:03:24 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 22:35 1961984]
"HuaWeiEVDO.exe"="C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe" [2007-05-29 14:43 917504]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-14 00:07 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
C:\Documents and Settings\user\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.0.1.lnk - C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe [2006-01-04 00:50:50 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
R3 NtApm;Sterownik interfejsu NT Apm/Legacy;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-26 18:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{780ddfa0-0679-11dd-aceb-00d0b75309dc}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9beed110-06d4-11dd-aced-00d0b75309dc}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deec60d0-05ad-11dd-ace6-00d0b75309dc}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deec60d2-05ad-11dd-ace6-00d0b75309dc}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 16:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 19:16:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-14 19:20:11
ComboFix-quarantined-files.txt 2008-04-14 17:19:53
ComboFix2.txt 2008-04-13 21:05:33
Pre-Run: 11,380,133,888 bajtów wolnych
Post-Run: 11,376,422,912 bajtów wolnych
.
2008-04-13 22:46:27 --- E O F ---
[ Dodano: Dzisiaj o 17:27 ]
udalo sie hurrraprzez Okocza 14 Kwi 2008, 19:29
zmien nazwe tematu mowiącą o Twoim problemie
bo ta nic nie mówi...
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
22 posty(ów) • Strona 1 z 2 • 1, 2
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 4 gości