
System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

request for a check

Post by yoprzem, 25 Dec 2007, 15:21

I just installed new codec packs, and with one of them there were comments that Norton finds some viruses... and other AVs can't handle it. And just now some critical error popped up that I had never seen before, so I'm asking for a check just in case.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 14:17:10, on 2007-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\instalki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0212C20C-0A0E-484E-9405-9F4DAB6CE6FA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{0212C20C-0A0E-484E-9405-9F4DAB6CE6FA}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
yoprzem
~user

Posts: 22
Joined: 26 Oct 2007, 23:45



Post by wojtas, 25 Dec 2007, 15:43

delete:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)


post a ComboFix log
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656



Post by yoprzem, 25 Dec 2007, 17:04

ComboFix 07-12-21.4 - przem 2007-12-25 15:27:17.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.76 [GMT 1:00]
Running from: C:\Documents and Settings\przem\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Driveinfo.log

.
((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-25 14:10 . 2007-12-25 14:10 <DIR> d--hs---- C:\FOUND.006
2007-12-25 11:58 . 2007-11-18 19:56 159,744 --a------ C:\WINDOWS\system32\mmfinfo.dll
2007-12-25 11:58 . 2007-11-18 19:55 23,552 --a------ C:\WINDOWS\system32\mkunicode.dll
2007-12-25 11:49 . 2007-12-25 11:49 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-12-24 22:52 . 2007-12-24 22:52 <DIR> d-------- C:\Program Files\BitComet
2007-12-24 01:17 . 2007-12-25 02:18 1,302 --a------ C:\WINDOWS\VPlayer.INI
2007-12-24 01:17 . 2007-12-25 02:18 173 --a------ C:\WINDOWS\VplayerINI.vpl
2007-12-20 21:15 . 2007-12-20 21:15 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-18 23:28 . 2007-12-18 23:28 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-18 23:28 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-18 23:05 . 2007-12-18 23:05 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-12-18 17:06 . 2007-12-18 17:06 <DIR> d-------- C:\Program Files\SAGEM
2007-12-18 16:29 . 2007-12-18 16:29 <DIR> d-------- C:\Documents and Settings\przem\Dane aplikacji\InstallShield
2007-12-18 16:25 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-12-16 11:23 . 2007-12-18 23:58 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-16 11:07 . 1999-11-10 11:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-12-16 08:26 . 1999-12-13 09:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-12-16 08:26 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-12-16 01:21 . 2007-12-16 01:21 <DIR> d-------- C:\Documents and Settings\przem\Dane aplikacji\Creative
2007-12-16 01:04 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2007-12-16 01:02 . 2000-05-22 01:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2007-12-16 01:02 . 2006-10-06 07:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2007-12-16 01:00 . 2007-12-16 01:00 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2007-12-16 00:59 . 2007-12-16 00:59 <DIR> d-------- C:\Program Files\Audible
2007-12-16 00:59 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2007-12-16 00:54 . 2007-12-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2007-12-16 00:49 . 2007-12-16 00:49 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-12-16 00:49 . 2007-12-16 00:49 <DIR> d-------- C:\Program Files\Creative
2007-12-16 00:49 . 2007-12-16 00:49 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-12-16 00:48 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-16 00:48 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-16 00:48 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-16 00:45 . 2007-12-16 00:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-16 00:45 . 2007-12-16 00:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-15 01:16 . 2007-12-15 01:16 <DIR> d-------- C:\Documents and Settings\przem\.jpi_cache
2007-12-15 01:16 . 2007-12-15 01:16 <DIR> d-------- C:\Documents and Settings\przem\.java
2007-12-14 19:21 . 2007-12-14 19:21 <DIR> d-------- C:\Documents and Settings\przem\Dane aplikacji\Reallusion
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-27 12:15 . 2007-12-09 16:48 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-25 18:07 . 2007-11-25 18:07 <DIR> d-------- C:\Documents and Settings\przem\Dane aplikacji\Apple Computer
2007-11-25 18:06 . 2007-11-25 18:06 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 18:05 . 2007-11-25 18:05 <DIR> d-------- C:\Program Files\QuickTime
2007-11-25 18:02 . 2007-11-25 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-25 18:01 . 2007-11-25 18:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Eset
2007-11-19 11:13 --------- d-----w C:\Documents and Settings\przem\Dane aplikacji\Image Zone Express
2007-11-06 15:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-05 13:55 --------- d-----w C:\Program Files\Java
2007-11-05 13:55 --------- d-----w C:\Program Files\Common Files\Java
2007-11-05 13:41 --------- d-----w C:\Program Files\Sunbelt Software
2007-11-02 13:49 --------- d-----w C:\Documents and Settings\przem\Dane aplikacji\HP
2007-11-02 13:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-11-02 13:46 --------- d-----w C:\Program Files\Common Files\HP
2007-11-02 13:42 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-02 13:41 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-02 13:32 --------- d-----w C:\Program Files\HP
2007-10-29 10:21 --------- d-----w C:\Documents and Settings\przem\Dane aplikacji\AdobeUM
2007-10-29 10:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-27 22:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avg7
2007-10-27 16:04 --------- d-----w C:\Documents and Settings\przem\Dane aplikacji\Ahead
2007-10-27 16:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2007-10-27 15:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-27 11:10 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-27 10:53 --------- d-----w C:\Program Files\Nero
2007-10-27 10:53 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-27 10:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-10-26 18:43 --------- d-----w C:\Program Files\AutoConnect
2007-10-26 17:32 --------- d-----w C:\Program Files\Lavasoft
2007-10-26 17:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-10-26 17:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 11:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-26 11:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-25 11:42 --------- d-----w C:\Documents and Settings\przem\Dane aplikacji\Tlen.pl
2007-10-25 11:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-25 11:12 --------- d-----w C:\Program Files\Tlen.pl
2007-10-25 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 10:52 558,142 ----a-w C:\WINDOWS\java\Packages\BNV779F3.ZIP
2007-10-25 10:52 155,995 ----a-w C:\WINDOWS\java\Packages\39ZBZZV3.ZIP
2007-10-25 10:47 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 00:14]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-10-05 15:20]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2006-10-06 07:17]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 12:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 12:01 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 09:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 09:17]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 09:15]
R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe" [2007-09-21 09:16]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 15:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 16:28]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-09-21 09:17]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b492cce0-83dd-11dc-a7b9-c296b4c2cf59}]
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 15:40:41
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25 15:44:47

After I cleaned the computer with ATF-Cleaner, should it not surprise me that web pages load more slowly in the browser?

[ Added: Today at 16:15 ]
Sorry for posting the same thing twice, but my computer glitched somehow and it came out weird, and I can't fix it anymore.
yoprzem
~user

Posts: 22
Joined: 26 Oct 2007, 23:45



Post by wojtas, 25 Dec 2007, 17:30

Open Notepad and paste this into it:

File::
C:\WINDOWS\java\Packages\BNV779F3.ZIP
C:\WINDOWS\java\Packages\39ZBZZV3.ZIP

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b492cce0-83dd-11dc-a7b9-c296b4c2cf59}]


File >>> Save as CFScript.txt. Drag and drop the file onto the ComboFix icon (like here). Confirm >>> the computer will restart.

(If the question "1 or 2" appears, type 1 and press ENTER.) The removal process will start.
Then post a new HijackThis log and a new ComboFix log.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656
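As an added example (not code from the thread or from the HijackThis/ComboFix authors), a small Python triage script that flags the two indicator classes wojtas acted on in this thread: HijackThis O2/O9 entries whose file is missing, and ComboFix MountPoints2 shell commands whose target is a relative path or sits under a Recycled folder. It then drafts the Registry:: block in the CFScript.txt layout shown above. The sample log lines are constructed from the ones posted in this thread, plus one invented benign-looking entry; the classification rule is this example's own, not ComboFix's.

```python
import re

# Constructed sample lines, in the shape of the HijackThis log posted above.
HJT_SAMPLE = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
"""

# Constructed sample in the shape of the ComboFix "Reg Loading Points" section.
# The first key is the one removed in this thread; the second is an invented
# CD-style autorun entry, included to show the classifier leaving it alone.
COMBOFIX_SAMPLE = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b492cce0-83dd-11dc-a7b9-c296b4c2cf59}]
\\Shell\\Open(&0)\\command - Recycled\\ctfmon.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{11111111-2222-3333-4444-555555555555}]
\\Shell\\AutoRun\\command - E:\\setup.exe
"""

DANGLING_MARKERS = ("(no file)", "(file missing)")

MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9A-Fa-f-]+\})\]$", re.IGNORECASE)
SHELL_COMMAND = re.compile(r"^\\Shell\\[^\\]+\\command - (.+)$", re.IGNORECASE)


def find_dangling_ie_entries(hjt_text):
    """Return HijackThis O2 (BHO) and O9 (IE button) lines whose file is gone.

    HijackThis marks these with "(no file)" or "(file missing)". A dead BHO does
    nothing by itself, but it is a sign that a component was only half removed,
    which is why the thread has the poster delete it.
    """
    return [
        line.strip()
        for line in hjt_text.splitlines()
        if line.startswith(("O2 - ", "O9 - ")) and line.rstrip().endswith(DANGLING_MARKERS)
    ]


def is_suspicious_target(target):
    """Heuristic (this example's own): a MountPoints2 shell command is suspicious
    when its target is a relative path, resolved against the removable drive the
    key describes, or when it lives in a Recycled/RECYCLER folder."""
    lowered = target.lower()
    relative = re.match(r"^[a-z]:\\", lowered) is None
    return relative or "recycle" in lowered


def find_mountpoint_autoruns(cf_text):
    """Pair each MountPoints2 key in a ComboFix log with its shell command."""
    found = []
    current_key = None
    for raw in cf_text.splitlines():
        line = raw.strip()
        key_match = MOUNTPOINT_KEY.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        cmd_match = SHELL_COMMAND.match(line)
        if cmd_match and current_key:
            target = cmd_match.group(1).strip()
            found.append({"key": current_key, "target": target,
                          "suspicious": is_suspicious_target(target)})
    return found


def build_cfscript(files=(), registry_keys=()):
    """Render text in the CFScript.txt layout used in the thread: a File:: block
    of paths to remove and a Registry:: block of [-KEY] lines that delete keys."""
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if registry_keys:
        sections.append("Registry::\n" + "\n".join(f"[-{key}]" for key in registry_keys))
    return "\n\n".join(sections) + "\n"


def triage(hjt_text, cf_text):
    """Run both checks and draft the Registry:: part of a CFScript for the
    suspicious MountPoints2 keys (dangling O2/O9 lines are fixed in HijackThis)."""
    dangling = find_dangling_ie_entries(hjt_text)
    autoruns = [a for a in find_mountpoint_autoruns(cf_text) if a["suspicious"]]
    script = build_cfscript(registry_keys=[a["key"] for a in autoruns])
    return dangling, autoruns, script


if __name__ == "__main__":
    dangling, autoruns, script = triage(HJT_SAMPLE, COMBOFIX_SAMPLE)
    print("Dangling IE entries:")
    for line in dangling:
        print("  " + line)
    print("Suspicious MountPoints2 autoruns:")
    for entry in autoruns:
        print(f"  {entry['key']} -> {entry['target']}")
    print("\nDraft CFScript.txt:\n" + script)
```

Point the two functions at real HijackThis and ComboFix log files and review the draft by hand before using it; the heuristic only narrows what to look at.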



Post by yoprzem, 25 Dec 2007, 17:57

COMBOFIX

Code:
ComboFix 07-12-21.4 - przem 2007-12-25 16:40:14.4 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.78 [GMT 1:00]
Running from: C:\Documents and Settings\przem\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\przem\Pulpit\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\java\Packages\39ZBZZV3.ZIP
C:\WINDOWS\java\Packages\BNV779F3.ZIP
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\java\Packages\39ZBZZV3.ZIP
C:\WINDOWS\java\Packages\BNV779F3.ZIP

.
(((((((((((((((((((((((((   Files Created from 2007-11-25 to 2007-12-25  )))))))))))))))))))))))))))))))
.

2007-12-25 16:50 . 2007-12-25 16:50   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2007-12-25 16:50 . 2007-12-25 16:50   1,409   --a------   C:\WINDOWS\QTFont.for
2007-12-25 14:10 . 2007-12-25 14:10   <DIR>   d--hs----   C:\FOUND.006
2007-12-25 11:49 . 2007-12-25 11:49   <DIR>   d--------   C:\Program Files\XP Codec Pack
2007-12-24 22:52 . 2007-12-24 22:52   <DIR>   d--------   C:\Program Files\BitComet
2007-12-24 01:17 . 2007-12-25 02:18   1,302   --a------   C:\WINDOWS\VPlayer.INI
2007-12-24 01:17 . 2007-12-25 02:18   173   --a------   C:\WINDOWS\VplayerINI.vpl
2007-12-20 21:15 . 2007-12-20 21:15   <DIR>   d--------   C:\Program Files\RegCleaner
2007-12-18 23:28 . 2007-12-18 23:28   <DIR>   d--------   C:\Program Files\Total Video Converter
2007-12-18 23:28 . 2000-05-22 22:58   608,448   --a------   C:\WINDOWS\system32\comctl32.ocx
2007-12-18 23:05 . 2007-12-18 23:05   <DIR>   d--------   C:\Program Files\YouTube Video Downloader
2007-12-18 17:06 . 2007-12-18 17:06   <DIR>   d--------   C:\Program Files\SAGEM
2007-12-18 16:29 . 2007-12-18 16:29   <DIR>   d--------   C:\Documents and Settings\przem\Dane aplikacji\InstallShield
2007-12-18 16:25 . 2005-06-17 10:26   114,688   --a------   C:\WINDOWS\system32\WLANUTL.dll
2007-12-16 11:23 . 2007-12-18 23:58   1,744   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-12-16 11:07 . 1999-11-10 11:05   86,016   --a------   C:\WINDOWS\unvise32qt.exe
2007-12-16 08:26 . 1999-12-13 09:01   44,032   ---------   C:\WINDOWS\system32\CTSVCCDA.EXE
2007-12-16 08:26 . 1999-11-18 09:00   25,088   ---------   C:\WINDOWS\system32\CTSVCCTL.EXE
2007-12-16 01:21 . 2007-12-16 01:21   <DIR>   d--------   C:\Documents and Settings\przem\Dane aplikacji\Creative
2007-12-16 01:04 . 2003-06-12 23:25   7,062   --a------   C:\WINDOWS\system32\audiopid.vxd
2007-12-16 01:02 . 2000-05-22 01:58   647,872   ---------   C:\WINDOWS\system32\Mscomct2.ocx
2007-12-16 01:02 . 2006-10-06 07:17   53,248   ---------   C:\WINDOWS\Ctregrun.exe
2007-12-16 01:00 . 2007-12-16 01:00   417,792   --a------   C:\WINDOWS\system32\awrdscdc.ax
2007-12-16 00:59 . 2007-12-16 00:59   <DIR>   d--------   C:\Program Files\Audible
2007-12-16 00:59 . 2001-08-17 22:43   24,576   ---------   C:\WINDOWS\system32\msxml3a.dll
2007-12-16 00:54 . 2007-12-16 00:54   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Creative
2007-12-16 00:49 . 2007-12-16 00:49   <DIR>   d--h-----   C:\Program Files\Creative Installation Information
2007-12-16 00:49 . 2007-12-16 00:49   <DIR>   d--------   C:\Program Files\Creative
2007-12-16 00:49 . 2007-12-16 00:49   <DIR>   d--------   C:\Program Files\Common Files\Creative
2007-12-16 00:48 . 2006-10-04 15:06   1,197,294   ---------   C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-16 00:48 . 2006-10-04 15:06   764,868   ---------   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-16 00:48 . 2006-10-04 15:06   217,118   ---------   C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-16 00:45 . 2007-12-16 00:45   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2007-12-16 00:45 . 2007-12-16 00:45   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-12-15 01:16 . 2007-12-15 01:16   <DIR>   d--------   C:\Documents and Settings\przem\.jpi_cache
2007-12-15 01:16 . 2007-12-15 01:16   <DIR>   d--------   C:\Documents and Settings\przem\.java
2007-12-14 19:21 . 2007-12-14 19:21   <DIR>   d--------   C:\Documents and Settings\przem\Dane aplikacji\Reallusion
2007-12-11 10:57 . 2007-12-11 10:57   65,536   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57   49,152   --a------   C:\WINDOWS\system32\QuickTime.qts
2007-11-27 12:15 . 2007-12-09 16:48   1,632   --a------   C:\WINDOWS\system32\d3d8caps.dat
2007-11-25 18:07 . 2007-11-25 18:07   <DIR>   d--------   C:\Documents and Settings\przem\Dane aplikacji\Apple Computer
2007-11-25 18:06 . 2007-11-25 18:06   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2007-11-25 18:05 . 2007-11-25 18:05   <DIR>   d--------   C:\Program Files\QuickTime
2007-11-25 18:02 . 2007-11-25 18:02   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-25 18:01 . 2007-11-25 18:01   <DIR>   d--------   C:\WINDOWS\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 18:24   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Eset
2007-11-19 11:13   ---------   d-----w   C:\Documents and Settings\przem\Dane aplikacji\Image Zone Express
2007-11-06 15:06   ---------   d-----w   C:\Program Files\Microsoft ActiveSync
2007-11-05 13:55   ---------   d-----w   C:\Program Files\Java
2007-11-05 13:55   ---------   d-----w   C:\Program Files\Common Files\Java
2007-11-05 13:41   ---------   d-----w   C:\Program Files\Sunbelt Software
2007-11-02 13:49   ---------   d-----w   C:\Documents and Settings\przem\Dane aplikacji\HP
2007-11-02 13:48   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-11-02 13:46   ---------   d-----w   C:\Program Files\Common Files\HP
2007-11-02 13:42   ---------   d-----w   C:\Program Files\Hewlett-Packard
2007-11-02 13:41   ---------   d-----w   C:\Program Files\Common Files\Hewlett-Packard
2007-11-02 13:32   ---------   d-----w   C:\Program Files\HP
2007-10-29 10:21   ---------   d-----w   C:\Documents and Settings\przem\Dane aplikacji\AdobeUM
2007-10-29 10:17   ---------   d-----w   C:\Program Files\Common Files\Adobe
2007-10-27 22:14   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Avg7
2007-10-27 16:04   ---------   d-----w   C:\Documents and Settings\przem\Dane aplikacji\Ahead
2007-10-27 16:02   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2007-10-27 15:28   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-27 11:10   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2007-10-27 10:53   ---------   d-----w   C:\Program Files\Nero
2007-10-27 10:53   ---------   d-----w   C:\Program Files\Common Files\Ahead
2007-10-27 10:53   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-10-26 18:43   ---------   d-----w   C:\Program Files\AutoConnect
2007-10-26 17:32   ---------   d-----w   C:\Program Files\Lavasoft
2007-10-26 17:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-10-26 17:30   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 11:24   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
2007-10-26 11:24   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
2007-10-25 11:42   ---------   d-----w   C:\Documents and Settings\przem\Dane aplikacji\Tlen.pl
2007-10-25 11:19   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-10-25 11:12   ---------   d-----w   C:\Program Files\Tlen.pl
2007-10-25 10:54   ---------   d-----w   C:\Program Files\microsoft frontpage
2007-10-25 10:47   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 00:14]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-10-05 15:20]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2006-10-06 07:17]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 12:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 12:01 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:44   15360   --a------   C:\WINDOWS\system32\ctfmon.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41   49152   --a------   C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40   155648   --a------   C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-09-21 09:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 09:17]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-09-21 09:15]
R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe" [2007-09-21 09:16]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 15:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 16:28]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-09-21 09:17]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 16:50:24
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25 16:52:54 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-25 15:44


HIJACK

Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:56:54, on 2007-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\instalki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0212C20C-0A0E-484E-9405-9F4DAB6CE6FA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{0212C20C-0A0E-484E-9405-9F4DAB6CE6FA}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

yoprzem
~user
 
Posts: 22
Joined: 26 Oct 2007, 23:45

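A small triage helper, added here as an example (it is not code from this thread, from HijackThis or from ComboFix), that parses lines in the HijackThis log format posted above and flags the points a responder checks first: entries whose target file is missing, autostart or service binaries living in a user profile or temp directory, executables that borrow a system binary's name outside %WINDIR%, services that report no publisher, and the O17 DNS servers that should be confirmed as the ISP's. The sample log, its paths, names and GUIDs are constructed for the example, not taken from the machine in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis v1.99.1 line format;
# every path, name and GUID here is made up for the example.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:56:54, on 2007-12-25

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.invalid/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe" /hide
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Dane aplikacji\svchost.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\tool.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 192.0.2.1 192.0.2.2
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Program Files\Example\exsvc.exe
O23 - Service: Known Service (KnSvc) - Example Vendor - C:\Program Files\Example\knsvc.exe
"""

# "O4 - <body>", "R0 - <body>", "O23 - <body>" ...
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Shortest span from a drive letter to the first ".exe", quoted or not.
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# Names of core Windows binaries that malware commonly imitates.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}
# Directory fragments where legitimate autostarts/services rarely live
# (Polish XP uses "Dane aplikacji" for Application Data).
PROFILE_DIRS = ("\\documents and settings\\", "\\dane aplikacji\\",
                "\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    line: str      # the entry body as it appeared in the log
    reason: str    # why it deserves a second look


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Apply the first-pass checks to every entry and collect findings."""
    findings = []
    for sec, body in parse_entries(text):
        low = body.lower()
        if "(file missing)" in low:
            findings.append(Finding(sec, body, "stale entry: target file missing"))
        if sec in ("O4", "O23"):
            m = EXE_RE.search(body)
            path = m.group(0).lower() if m else ""
            base = path.rsplit("\\", 1)[-1]
            if any(d in path for d in PROFILE_DIRS):
                findings.append(Finding(sec, body, "autostart from user profile/temp directory"))
            if base in SYSTEM_NAMES and "\\windows\\" not in path:
                findings.append(Finding(sec, body, "system binary name outside %WINDIR%"))
        if sec == "O23" and "unknown owner" in low:
            findings.append(Finding(sec, body, "service without publisher information"))
        if sec == "O17":
            findings.append(Finding(sec, body, "DNS servers set: confirm they belong to the ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The checks are deliberately conservative: they only rank entries for a human to look at, and a flagged line (an O17 NameServer, a service with "Unknown owner") is often perfectly legitimate, exactly as the ESET entries and ISP DNS servers in the log above are.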


Post by wojtas 25 Dec 2007, 18:01

clean
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656



Post by Kapucino 25 Dec 2007, 18:26

yoprzem wrote: If I cleaned the computer with ATFCleaner, should I not be surprised that web pages load more slowly in the browser?


That's fairly normal; it cleared the Temporary Internet Files. After a while it should run better again, once those files are loaded back onto the disk.
Kapucino
~user
 
Posts: 330
Joined: 21 Sep 2007, 18:29
Thanks: 12



Post by yoprzem 26 Dec 2007, 16:50

ok, thanks for checking... and one more question: I know you're not allowed to paste logs from friends, uncles, grandmas etc., but what if my friend has such a mess on his computer that the only thing he can open is Mr. Google? After that he can't get into any other site

can I post his log?
yoprzem
~user
 
Posts: 22
Joined: 26 Oct 2007, 23:45



Post by wojtas 26 Dec 2007, 17:31

yoprzem wrote: can I post his log?


yes :)
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656



