

For a short while now I have been having serious trouble with my computer - applications take a very long time to load (especially browsers

Below I am posting the logs from ComboFix and Hijack.
ComboFix:
ComboFix 09-03-06.02 - Gierek 2009-03-07 21:25:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1022.454 [GMT 1:00]
Uruchomiony z: i:\documents and settings\Gierek\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated)
FW: Norton Internet Security 2006 *disabled*
FW: Norton Internet Worm Protection *disabled*
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
i:\windows\IE4 Error Log.txt
i:\windows\system32\arzlnb.dll
i:\windows\system32\AutoRun.inf
i:\windows\system32\bdmnaefb.dll
i:\windows\system32\feigvcul.ini
i:\windows\system32\gokkioli.dll
i:\windows\system32\iloikkog.ini
i:\windows\system32\kduryvpx.ini
i:\windows\system32\KjQWayay.ini
i:\windows\system32\KjQWayay.ini2
i:\windows\system32\lucvgief.dll
i:\windows\system32\ngbvxb.dll
i:\windows\system32\nnnllLBu.dll
i:\windows\system32\piloxmbm.dll
i:\windows\system32\xpvyrudk.dll
i:\windows\system32\yayaWQjK.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-07 do 2009-03-07 )))))))))))))))))))))))))))))))
.
2009-03-07 21:33 . <DIR> i:\temp\sv6lj.tmp
2009-03-07 21:33 . 2009-03-07 21:33 53,248 --a------ i:\temp\catchme.dll
2009-03-07 21:32 . 2009-03-07 21:32 <DIR> d-------- i:\temp\WPDNSE
2009-03-07 21:22 . 2009-03-07 21:22 48 --a------ i:\windows\wininit.ini
2009-03-07 10:47 . 2009-03-07 10:47 <DIR> d-------- i:\temp\Rar$DR03.266
2009-03-07 10:11 . 2009-03-07 10:11 <DIR> d-------- I:\Downloads
2009-03-06 11:48 . 2009-03-06 11:48 <DIR> d-------- i:\documents and settings\Gierek\Application Data\AxTools
2009-03-06 11:46 . 2009-03-06 21:42 <DIR> d-------- i:\program files\Common Files\AxTools Shared
2009-03-06 11:46 . 2009-03-06 11:48 <DIR> d-------- i:\program files\AxTools CodeSMART 2007 for VB6
2009-03-06 11:38 . 2009-03-06 16:25 <DIR> d-------- i:\documents and settings\Gierek\AphelionOnline
2009-03-06 11:38 . 2008-06-28 00:43 430,080 --a------ i:\windows\system32\cmcs21.ocx
2009-03-06 11:38 . 2008-06-28 00:43 53,248 --a------ i:\windows\system32\zlib.dll
2009-03-05 21:15 . 2009-03-05 21:15 35,840 --a------ i:\windows\system32\ComDlg32.oca
2009-03-05 21:01 . 2009-03-05 21:01 <DIR> d-------- i:\program files\Visual Sound Recorder
2009-03-05 21:01 . 2003-07-01 17:07 1,724,416 --a------ i:\windows\system32\NCTAudioFile2.dll
2009-03-05 21:01 . 2003-07-01 17:20 421,888 --a------ i:\windows\system32\NCTAudioTransform2.dll
2009-03-05 21:01 . 2004-10-01 11:07 389,120 --a------ i:\windows\system32\actskn43.ocx
2009-03-05 21:01 . 2003-07-01 17:23 335,872 --a------ i:\windows\system32\NCTAudioVisualization2.dll
2009-03-05 21:01 . 2003-07-01 17:17 315,392 --a------ i:\windows\system32\NCTAudioPlayer2.dll
2009-03-05 21:01 . 2003-07-01 17:19 307,200 --a------ i:\windows\system32\NCTAudioRecord2.dll
2009-03-05 21:01 . 2004-05-20 12:58 270,336 --a------ i:\windows\system32\NCTAudioDisplay2.dll
2009-03-05 21:01 . 2002-03-18 15:18 221,184 --a------ i:\windows\system32\lame_enc.dll
2009-03-05 21:01 . 1999-10-30 01:00 167,936 --a------ i:\windows\system32\ccrpftv6.ocx
2009-03-05 21:01 . 2003-11-17 12:49 154,624 --a------ i:\windows\system32\fmod.dll
2009-03-05 21:01 . 2003-06-26 18:38 94,208 --a------ i:\windows\system32\id3v23x.dll
2009-03-05 20:58 . 2009-03-05 20:58 136,192 --a------ i:\windows\system32\msvidctl.oca
2009-03-05 20:58 . 2009-03-05 20:58 62,464 --a------ i:\windows\system32\mswebdvd.oca
2009-03-05 20:57 . 2009-03-05 20:57 16,896 --a------ i:\windows\system32\MICRecorderAX.oca
2009-03-05 20:56 . 2009-03-05 20:56 <DIR> d-------- i:\program files\MIC Recorder ActiveX
2009-03-05 15:32 . 2009-03-06 23:26 <DIR> d-------- i:\documents and settings\Gierek\Application Data\gtk-2.0
2009-03-05 15:32 . 2009-03-05 15:32 <DIR> d-------- i:\documents and settings\Gierek\.thumbnails
2009-03-05 15:31 . 2009-03-05 15:31 <DIR> d-------- i:\temp\fontconfig
2009-03-05 15:31 . 2009-03-05 15:31 <DIR> d-------- i:\program files\GIMP-2.0
2009-03-05 15:31 . 2009-03-07 21:09 <DIR> d-------- i:\documents and settings\Gierek\.gimp-2.6
2009-03-05 15:31 . 2009-03-05 15:31 <DIR> d-------- i:\documents and settings\Gierek\.gegl-0.0
2009-03-05 15:08 . 2009-03-05 15:27 <DIR> d-------- i:\program files\PhotoScape
2009-03-05 15:06 . 2009-03-07 21:33 <DIR> d-------- i:\temp\IXP000.TMP
2009-03-05 15:06 . 2009-03-05 15:06 <DIR> d-------- i:\documents and settings\Gierek\Application Data\Thinstall
2009-03-05 13:26 . 2009-03-06 11:49 265,728 --a------ i:\windows\system32\MSCOMCTL.oca
2009-03-05 13:26 . 2009-03-06 11:48 64,000 --a------ i:\windows\system32\Richtx32.oca
2009-03-05 13:26 . 2009-03-06 11:48 43,008 --a------ i:\windows\system32\tabctl32.oca
2009-03-05 13:26 . 2009-03-05 13:26 22,016 --a------ i:\windows\system32\MSWINSCK.oca
2009-03-04 21:59 . 2009-03-04 21:59 <DIR> d-------- i:\program files\SopCast
2009-03-04 20:03 . 2009-03-04 20:03 <DIR> d-------- i:\documents and settings\Gierek\Application Data\HP
2009-03-04 20:02 . 2009-03-04 20:02 <DIR> d-------- i:\documents and settings\All Users\Application Data\WEBREG
2009-03-04 19:58 . 2009-03-04 19:58 <DIR> d-------- i:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-04 19:58 . 2007-03-28 14:01 117,760 --a------ i:\windows\system32\hpzll5ha.dll
2009-03-04 19:54 . 2009-03-04 19:54 <DIR> d-------- i:\documents and settings\Gierek\Application Data\HPAppData
2009-03-04 19:54 . 2009-03-04 19:54 <DIR> d-------- i:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-03-04 19:53 . 2009-03-04 19:53 <DIR> d-------- i:\program files\Common Files\HP
2009-03-04 19:53 . 2009-03-04 19:53 <DIR> d-------- i:\documents and settings\All Users\Application Data\HP Product Assistant
2009-03-04 19:53 . 2009-03-04 19:53 <DIR> d-------- i:\documents and settings\All Users\Application Data\HP
2009-03-04 19:52 . 2009-03-04 19:54 <DIR> d-------- i:\program files\HP
2009-03-04 19:52 . 2009-03-04 19:52 <DIR> d-------- i:\program files\Hewlett-Packard
2009-03-04 19:52 . 2009-03-04 19:52 <DIR> d-------- i:\program files\Common Files\Hewlett-Packard
2009-03-04 19:52 . 2007-03-18 07:11 675,840 --a------ i:\windows\system32\hpowiax3.dll
2009-03-04 19:52 . 2007-03-18 07:11 569,344 --a------ i:\windows\system32\hpotscl3.dll
2009-03-04 19:52 . 2007-03-08 20:20 364,544 --a------ i:\windows\system32\hppldcoi.dll
2009-03-04 19:52 . 2007-03-08 20:20 309,760 --a------ i:\windows\system32\difxapi.dll
2009-03-04 19:52 . 2007-03-18 07:11 303,104 --a------ i:\windows\system32\hpovst10.dll
2009-03-04 19:52 . 2007-03-31 06:07 267,864 --a------ i:\windows\system32\hpzids01.dll
2009-03-04 19:52 . 2007-03-08 20:20 49,920 --a------ i:\windows\system32\drivers\HPZid412.sys
2009-03-04 19:52 . 2004-08-03 23:01 25,856 --a------ i:\windows\system32\drivers\usbprint.sys
2009-03-04 19:52 . 2004-08-03 23:01 25,856 --a--c--- i:\windows\system32\dllcache\usbprint.sys
2009-03-04 19:52 . 2007-03-08 20:20 21,568 --a------ i:\windows\system32\drivers\HPZius12.sys
2009-03-04 19:52 . 2007-03-08 20:20 16,496 --a------ i:\windows\system32\drivers\HPZipr12.sys
2009-03-04 19:51 . 2009-03-04 19:59 141,048 --a------ i:\windows\hpoins14.dat
2009-03-04 19:51 . 2007-09-20 16:56 2,000 --------- i:\windows\hpomdl14.dat
2009-03-04 19:50 . 2009-03-07 21:33 <DIR> d-------- i:\temp\7zS85.tmp
2009-03-04 07:05 . 2009-03-04 07:06 <DIR> d-------- i:\temp\plugtmp-15
2009-03-01 19:18 . 2009-03-01 20:16 <DIR> d-------- i:\temp\plugtmp-14
2009-03-01 11:31 . 2009-03-01 11:50 <DIR> d-------- i:\temp\ge1460
2009-03-01 11:22 . 2009-03-07 18:49 <DIR> d-------- i:\documents and settings\All Users\Application Data\Google Updater
2009-02-23 06:40 . 2009-03-07 21:33 <DIR> d-------- i:\temp\plugtmp-13
2009-02-22 09:09 . 2009-03-07 21:33 <DIR> d-------- i:\temp\plugtmp-12
2009-02-21 14:51 . 2009-02-21 14:59 <DIR> d-------- i:\temp\plugtmp-11
2009-02-16 06:46 . 2009-02-16 06:47 <DIR> d-------- i:\temp\plugtmp-10
2009-02-13 17:39 . 2009-02-13 17:46 <DIR> d-------- i:\temp\ge1948
2009-02-11 20:51 . 2009-02-12 15:44 <DIR> d-------- i:\documents and settings\Gierek\Application Data\Nowe Gadu-Gadu
2009-02-11 20:50 . 2009-02-11 20:50 <DIR> d-------- i:\program files\Nowe Gadu-Gadu
2009-02-10 20:01 . 2009-02-10 20:01 <DIR> d-------- i:\temp\Adobe
2009-02-08 21:37 . 2009-03-07 21:33 <DIR> d-------- i:\temp\plugtmp-9
2009-02-07 19:23 . 2009-02-07 19:23 <DIR> d-------- i:\program files\Onet
2009-02-07 19:23 . 2009-02-07 19:23 <DIR> d-------- i:\program files\Common Files\Onet.pl
2009-02-07 19:23 . 2009-02-07 19:50 <DIR> d-------- i:\documents and settings\Gierek\Application Data\Kamerzysta
2009-02-07 19:23 . 2009-02-07 19:23 <DIR> d-------- i:\documents and settings\Gierek\Application Data\AutoUpdate
2009-02-07 09:04 . 2009-03-07 21:32 <DIR> d-------- i:\program files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 20:33 --------- d-----w i:\program files\FlashGet
2009-03-07 20:33 --------- d-----w i:\program files\Common Files\Symantec Shared
2009-03-07 20:33 --------- d-----w i:\documents and settings\Gierek\Application Data\StarOffice8
2009-03-07 20:33 --------- d-----w i:\documents and settings\Gierek\Application Data\Hamachi
2009-03-07 09:34 --------- d-----w i:\program files\Gadu-Gadu
2009-03-06 17:21 --------- d-----w i:\program files\Norton Internet Security
2009-03-06 16:59 --------- d-----w i:\program files\Symantec
2009-03-01 10:23 --------- d-----w i:\program files\Google
2009-02-18 17:51 --------- d-----w i:\program files\Football Superstars
2009-01-31 16:11 --------- d-----w i:\documents and settings\Gierek\Application Data\Corel
2009-01-31 13:20 --------- d-----w i:\program files\AIDA32 - Enterprise System Information
2009-01-31 13:10 --------- d-----w i:\program files\Lavalys
2009-01-30 15:34 --------- d-----w i:\program files\NETPLUS
2009-01-30 15:15 25,280 ----a-w i:\windows\system32\drivers\hamachi.sys
2009-01-30 15:15 --------- d-----w i:\program files\Hamachi
2009-01-29 11:55 --------- d-----w i:\documents and settings\Gierek\Application Data\Apple Computer
2009-01-28 22:10 --------- d-----w i:\program files\PartyGaming
2009-01-27 23:50 --------- d-----w i:\program files\Budzik
2009-01-07 16:14 --------- d-----w i:\program files\QuickTime
2009-01-07 16:14 --------- d-----w i:\program files\iTunes
2009-01-07 16:14 --------- d-----w i:\program files\iPod
2009-01-07 16:14 --------- d-----w i:\program files\Common Files\Apple
2009-01-07 16:14 --------- d-----w i:\program files\Bonjour
2009-01-07 16:14 --------- d-----w i:\documents and settings\All Users\Application Data\Apple Computer
2009-01-07 16:14 --------- d-----w i:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-07 16:13 --------- d-----w i:\program files\Apple Software Update
2009-01-07 16:13 --------- d-----w i:\documents and settings\All Users\Application Data\Apple
.
------- Sigcheck -------
2005-05-25 20:07 359936 63fdfea54eb53de2d863ee454937ce1e i:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 i:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-08-24 13:00 359040 9f4b36614a0fc234525ba224957de55c i:\windows\$NtUninstallKB893066$\tcpip.sys
2005-05-25 20:04 359808 88763a98a4c26c409741b4aa162720c9 i:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 i:\windows\system32\dllcache\tcpip.sys
2006-04-20 12:51 359808 b4e29943b4b04bd5e7381546848e6669 i:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\ctfmon.exe" [2006-08-24 15360]
"Gadu-Gadu"="i:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"WMPNSCFG"="i:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
"MSMSGS"="i:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="i:\program files\steam\steam.exe" [2009-02-07 1410296]
"Nowe Gadu-Gadu"="i:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-06 9302632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2006-08-24 7618560]
"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ccApp"="i:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-08-24 52848]
"XboxStat"="i:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Flashget"="i:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"CloneCDTray"="i:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="i:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-27 180269]
"HP Software Update"="i:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"nwiz"="nwiz.exe" [2006-08-24 i:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-24 i:\windows\system32\nvmctray.dll]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 i:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2006-08-24 15360]
i:\documents and settings\Gierek\Start Menu\Programs\Startup\
Budzik.lnk - i:\program files\Budzik\budzik.exe [2004-08-29 24576]
hamachi.lnk - i:\program files\Hamachi\hamachi.exe [2009-01-30 625952]
StarOffice 8.lnk - i:\program files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 122880]
i:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - i:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=arzlnb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\FlashGet\\flashget.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\totalcmd\\TOTALCMD.EXE"=
"i:\\Program Files\\Football Superstars\\FSPatchR.exe"=
"i:\\Program Files\\Football Superstars\\FSClientr.exe"=
"i:\\Program Files\\Steam\\steamapps\\gierek_g\\team fortress 2\\hl2.exe"=
"i:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"i:\\Program Files\\Steam\\Steam.exe"=
"i:\\Program Files\\Gadu-Gadu\\gg.exe"=
"i:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"i:\\Program Files\\SopCast\\SopCast.exe"=
"i:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;i:\windows\system32\drivers\xfilt.sys [2006-08-24 11264]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;i:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-03-06 100032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;i:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]
S2 gupdate1c9860bf614da36;Google Update Service (gupdate1c9860bf614da36);i:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-26 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-07 i:\windows\Tasks\Google Software Updater.job
- i:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 11:22]
2009-03-07 i:\windows\Tasks\GoogleUpdateTaskMachine.job
- i:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:30]
2009-03-06 i:\windows\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Gierek.job
- i:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-28 12:00]
2009-03-04 i:\windows\Tasks\WebReg Deskjet F4100 series.job
- i:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 21:27]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{98d9f956-5caf-4a4a-b0c4-e8dd8d971c11} - i:\windows\system32\arzlnb.dll
BHO-{B3BED5FC-AC74-443D-B2C0-9541B574A8A0} - i:\windows\system32\yayaWQjK.dll
HKLM-Run-Onet.pl AutoUpdate - i:\program files\Common Files\Onet.pl\NewAutoUpdate.exe
HKU-Default-RunOnce-Second run install - i:\install\2ndrun.bat
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - i:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - i:\program files\FlashGet\jc_link.htm
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - i:\program files\PartyGaming\PartyCasino\RunApp.exe
FF - ProfilePath - i:\documents and settings\Gierek\Application Data\Mozilla\Firefox\Profiles\3gidc7lo.default\
FF - plugin: i:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: i:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: i:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 21:33:48
Windows 5.1.2600 Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
i:\program files\Common Files\Symantec Shared\ccSetMgr.exe
i:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
i:\program files\Common Files\Symantec Shared\ccProxy.exe
i:\program files\Common Files\Symantec Shared\SNDSrvc.exe
i:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
i:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
i:\windows\system32\rundll32.exe
i:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
i:\program files\Bonjour\mDNSResponder.exe
i:\windows\ehome\ehrecvr.exe
i:\windows\ehome\ehSched.exe
i:\program files\CDBurnerXP\NMSAccessU.exe
i:\windows\system32\nvsvc32.exe
i:\windows\ehome\mcrdsvc.exe
i:\program files\Windows Media Player\wmpnetwk.exe
i:\program files\iPod\bin\iPodService.exe
i:\windows\ehome\ehmsas.exe
i:\windows\system32\dllhost.exe
i:\program files\HP\Digital Imaging\bin\hpqste08.exe
i:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
i:\progra~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
.
**************************************************************************
.
Czas ukończenia: 2009-03-07 21:36:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-07 20:36:00
Przed: 174 920 527 872 bytes free
Po: 175,510,990,848 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
305
Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:25, on 2009-03-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Google\Update\GoogleUpdate.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Gadu-Gadu\gg.exe
I:\Program Files\Windows Media Player\WMPNSCFG.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\CDBurnerXP\NMSAccessU.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\WINDOWS\system32\dllhost.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\update\update.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Documents and Settings\Gierek\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - I:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - I:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - I:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - I:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - I:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - I:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - I:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - I:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [XboxStat] "i:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Flashget] I:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [CloneCDTray] "I:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "I:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] I:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "I:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Budzik.lnk = I:\Program Files\Budzik\budzik.exe
O4 - Startup: hamachi.lnk = I:\Program Files\Hamachi\hamachi.exe
O4 - Startup: StarOffice 8.lnk = I:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - I:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - I:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - I:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - I:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O20 - AppInit_DLLs: arzlnb.dll
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - I:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - I:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Update Service (gupdate1c9860bf614da36) (gupdate1c9860bf614da36) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
O23 - Service: Usluga Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - I:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccessU - Unknown owner - I:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10870 bytes