Antywirus(Panda) i błędy- log


(Evdion) #1

Witam, zaczne od tego ze uzywałem "wujka google" oraz opcji szukaj na forum, ale nic. Moj problem polega na tym iż ostatnio cos zaczeło mi sie dziac z antywirusem (Panda Antyvirus Pro 2009, orginalna) a mianowicie wyskakiwał dziwny błąd o nazwie TSV lub podobne teraz juz nie pamiętam bo to było nic i znikło, reinstal pomagał wczesniej ale nie tym razem. Jakies 2-3 dni temu wyskoczył mi ten błąd pomyslałem sobie ze przeinstaluje antywirusa potem, dzis włączam komputer i seria roznych błędow w tym ten, i kompter kilka razy sie resetował po czmy zaczoł działac ale tez nie dokonca normalnie panda sie wyłączyła. Po usunieciu pandy wszystko było ok ale jak ja zainstalowałem to znowu to samo. Jak klikam na pande pojawia sie taki błąd (niestety to jedyny ktory uchwyciłem :? ) oto on: http://img131.imageshack.us/img131/6933/pandax.jpg zapomniałem wczesniej napisac ze ten błąd "TSV" wyłączał mi funkcje Antywirusa w Pandzie. Proszę o pomoc bo to mnie przerosło a na tyle sie nie znam zeby to samemu naprawic, z góry dziekuje za wszelką pomoc.


(Azazel33) #2

Wrzuc loga z HijackThis.


(Evdion) #3

W tym problem że jak klikam na ikonke HijackThis to nic sie nie dzieje


(@Blade@) #4

Spróbuj przeskanować http://dobreprogramy.pl/index.php?dz=2& ... ware+1.36/ - usuń wszystko co znajdzie i daj log


(Evdion) #5

To jest log z Malwarebytes Anti-Malware po skanowaniu.

Malwarebytes' Anti-Malware 1.36

Wersja bazy definicji: 2001

Windows 5.1.2600 Dodatek Service Pack 3


2009-04-18 19:40:58

mbam-log-2009-04-18 (19-40-58).txt


Typ skanowania: Szybkie skanowanie

Przeskanowane obiekty: 76739

Upłynęło: 3 minute(s), 42 second(s)


Zainfekowane procesy w pamięci: 2

Zainfekowane moduły pamięci: 1

Zainfekowane klucze rejestru: 91

Zainfekowane wartości rejestru: 2

Zainfekowane pliki rejestru: 7

Zainfekowane foldery: 0

Zainfekowane pliki: 6


Zainfekowane procesy w pamięci:

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\xx\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.


Zainfekowane moduły pamięci:

C:\WINDOWS\system32\amstreamt.dll (Trojan.Vundo) -> Delete on reboot.


Zainfekowane klucze rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.


Zainfekowane wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.


Zainfekowane pliki rejestru:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.84 85.255.112.175 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.84 85.255.112.175 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.84 85.255.112.175 -> Quarantined and deleted successfully.


Zainfekowane foldery:

(Nie wykryto groźnych plików)


Zainfekowane pliki:

C:\Documents and Settings\xx\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amstreamt.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\xx\Ustawienia lokalne\Temp\pdfupd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> Quarantined and deleted successfully.

-- Dodane 18.04.2009 (So) 19:50 -- Program pomógł dzieki niemu zadziałał HijackThis oto log z Hijack'a

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:48:23, on 2009-04-18

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0220Mon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

X:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.counter-strike.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha1.dll

O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe

O4 - HKCU\..\Run: [Steam] "x:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\comglt32a.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logowanie do sieci Netlogon LM Service (Netlogon LM Service) - Unknown owner - C:\WINDOWS\system32\actskin4o.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


--

End of file - 11786 bytes

(@Blade@) #6

Użyj jeszcze raz Malwarebytes Anti-Malware, tylko wykonaj pełne skanowanie


(niezDarek) #7

usuń HijackThis'em wpisy:


(Evdion) #8

Pousuwałem to ale jak dzis zainstalowałem pande i chciałem ją uruchomic to wyskoczył ten sam błąd http://img131.imageshack.us/img131/6933/pandax.jpg


(Agatonster) #9

Evdion ,

Proszę zapoznać się z tematem Ważny komunikat dotyczący tytułowania tematów i poprawić tytuł na konkretny, mówiący o problemie. W celu dokonania zaleconej korekty - proszę użyć przycisku Edytuj przy poście otwierającym ten temat.

W związku ze zmianą, jaka obowiązuje przy wklejaniu logów na forum - przeczytaj i zastosuj się do Tematu

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.


(system) #10

Daj log z Combofix :slight_smile:


(@Blade@) #11

Wykonałeś to? Jeśli tak pokaż log


(Evdion) #12

To jest jak przeskanuje płyte z panda a jak przeskanuje normalnie czyli bez płyty to nic :-/ jeszcze wrzuce potem loga z combofix

Malwarebytes' Anti-Malware 1.36

Wersja bazy definicji: 2001

Windows 5.1.2600 Dodatek Service Pack 3


2009-04-18 22:55:12

mbam-log-2009-04-18 (22-55-12).txt


Typ skanowania: Pełne skanowanie (E:\|)

Przeskanowane obiekty: 71443

Upłynęło: 1 minute(s), 51 second(s)


Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 91

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 3

Zainfekowane foldery: 0

Zainfekowane pliki: 0


Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)


Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)


Zainfekowane klucze rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.


Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)


Zainfekowane pliki rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.


Zainfekowane foldery:

(Nie wykryto groźnych plików)


Zainfekowane pliki:

(Nie wykryto groźnych plików)

I log z combofix

ComboFix 09-04-19.05 - xx 2009-04-19 21:38.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1564 [GMT 2:00]

Uruchomiony z: c:\documents and settings\xx\Pulpit\HJ\ComboFix.exe

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\actskin4f.exe

c:\windows\system32\actskin4o.exe

c:\windows\system32\digiwet.dll

.

---- Poprzednie uruchomienie -------

.

c:\windows\IE4 Error Log.txt


.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_NETLOGON_LM_SERVICE

-------\Service_AudioSrvstisvc

-------\Service_Netlogon LM Service



((((((((((((((((((((((((( Pliki utworzone od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))

.


2009-04-18 17:34 . 2009-04-18 17:34	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\Malwarebytes

2009-04-18 17:34 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys

2009-04-18 17:34 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-18 17:34 . 2009-04-18 17:34	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-04-18 12:15 . 2008-04-14 17:21	116736	-c--a-w	c:\windows\system32\dllcache\xrxwiadr.dll

2009-04-18 12:15 . 2001-10-26 15:29	23040	-c--a-w	c:\windows\system32\dllcache\xrxwbtmp.dll

2009-04-18 12:15 . 2008-04-14 17:21	18944	-c--a-w	c:\windows\system32\dllcache\xrxscnui.dll

2009-04-18 12:15 . 2001-10-26 15:30	27648	-c--a-w	c:\windows\system32\dllcache\xrxftplt.exe

2009-04-18 12:15 . 2001-10-26 15:30	4608	-c--a-w	c:\windows\system32\dllcache\xrxflnch.exe

2009-04-18 12:15 . 2001-08-18 04:37	99865	-c--a-w	c:\windows\system32\dllcache\xlog.exe

2009-04-18 12:15 . 2001-08-17 18:11	16970	-c--a-w	c:\windows\system32\dllcache\xem336n5.sys

2009-04-18 12:15 . 2004-08-03 20:29	19455	-c--a-w	c:\windows\system32\dllcache\wvchntxx.sys

2009-04-18 12:15 . 2004-08-03 20:29	12063	-c--a-w	c:\windows\system32\dllcache\wsiintxx.sys

2009-04-18 12:15 . 2008-04-14 17:21	8192	-c--a-w	c:\windows\system32\dllcache\wshirda.dll

2009-04-18 12:13 . 2001-08-17 18:13	19016	-c--a-w	c:\windows\system32\dllcache\w926nd.sys

2009-04-18 12:12 . 2001-08-17 19:28	794654	-c--a-w	c:\windows\system32\dllcache\usr1801.sys

2009-04-18 12:11 . 2001-08-17 19:48	11520	-c--a-w	c:\windows\system32\dllcache\twotrack.sys

2009-04-18 12:10 . 2001-08-17 18:51	138528	-c--a-w	c:\windows\system32\dllcache\tgiulnt5.sys

2009-04-18 12:09 . 2001-08-17 19:50	103936	-c--a-w	c:\windows\system32\dllcache\sx.sys

2009-04-18 12:08 . 2001-08-17 19:56	7552	-c--a-w	c:\windows\system32\dllcache\sonypvu1.sys

2009-04-18 12:07 . 2001-10-26 15:29	28160	-c--a-w	c:\windows\system32\dllcache\sm91w.dll

2009-04-18 12:06 . 2001-10-26 15:29	386560	-c--a-w	c:\windows\system32\dllcache\sgiul50.dll

2009-04-18 12:05 . 2001-08-17 18:50	61504	-c--a-w	c:\windows\system32\dllcache\s3sav3dm.sys

2009-04-18 12:04 . 2001-08-17 19:51	19584	-c--a-w	c:\windows\system32\dllcache\rasirda.sys

2009-04-18 12:03 . 2001-10-26 15:29	35328	-c--a-w	c:\windows\system32\dllcache\psisload.dll

2009-04-18 12:02 . 2001-08-17 18:11	35328	-c--a-w	c:\windows\system32\dllcache\pcntpci5.sys

2009-04-18 12:01 . 2001-10-26 14:55	54570	-c--a-w	c:\windows\system32\dllcache\otcsercb.sys

2009-04-18 12:00 . 2001-10-26 15:29	60480	-c--a-w	c:\windows\system32\dllcache\neo20xx.dll

2009-04-18 11:59 . 2001-08-17 19:48	12416	-c--a-w	c:\windows\system32\dllcache\msriffwv.sys

2009-04-18 11:58 . 2001-08-17 19:52	7424	-c--a-w	c:\windows\system32\dllcache\mammoth.sys

2009-04-18 11:57 . 2001-08-17 19:49	26624	-c--a-w	c:\windows\system32\dllcache\irstusb.sys

2009-04-18 11:57 . 2001-08-17 19:51	18688	-c--a-w	c:\windows\system32\dllcache\irsir.sys

2009-04-18 11:57 . 2008-04-14 17:20	28672	-c--a-w	c:\windows\system32\dllcache\irmon.dll

2009-04-18 11:57 . 2008-04-14 17:21	152064	-c--a-w	c:\windows\system32\dllcache\irftp.exe

2009-04-18 11:57 . 2001-08-17 19:49	23552	-c--a-w	c:\windows\system32\dllcache\irmk7.sys

2009-04-18 11:57 . 2008-04-13 18:54	88192	-c--a-w	c:\windows\system32\dllcache\irda.sys

2009-04-18 11:57 . 2001-08-17 18:12	45632	-c--a-w	c:\windows\system32\dllcache\ip5515.sys

2009-04-18 11:57 . 2001-10-26 15:29	90200	-c--a-w	c:\windows\system32\dllcache\io8ports.dll

2009-04-18 11:57 . 2001-08-17 19:50	38784	-c--a-w	c:\windows\system32\dllcache\io8.sys

2009-04-18 11:57 . 2008-04-14 16:16	5504	-c--a-w	c:\windows\system32\dllcache\intelide.sys

2009-04-18 11:57 . 2001-10-26 14:46	13312	-c--a-w	c:\windows\system32\dllcache\inport.sys

2009-04-18 11:57 . 2001-08-17 19:52	16000	-c--a-w	c:\windows\system32\dllcache\ini910u.sys

2009-04-18 11:55 . 2001-08-17 19:28	488383	-c--a-w	c:\windows\system32\dllcache\hsf_v124.sys

2009-04-18 11:54 . 2001-08-17 19:52	5760	-c--a-w	c:\windows\system32\dllcache\hpt4qic.sys

2009-04-18 11:53 . 2001-10-26 15:01	17536	-c--a-w	c:\windows\system32\dllcache\gpr400.sys

2009-04-18 11:52 . 2001-08-17 18:10	22090	-c--a-w	c:\windows\system32\dllcache\fem556n5.sys

2009-04-18 11:51 . 2001-10-26 15:29	53760	-c--a-w	c:\windows\system32\dllcache\eqndiag.exe

2009-04-18 11:50 . 2001-08-17 18:20	334208	-c--a-w	c:\windows\system32\dllcache\ds1wdm.sys

2009-04-18 11:49 . 2001-10-26 15:29	65622	-c--a-w	c:\windows\system32\dllcache\digiasyn.dll

2009-04-18 11:48 . 2001-08-17 18:19	6912	-c--a-w	c:\windows\system32\dllcache\ctlfacem.sys

2009-04-18 11:47 . 2001-10-26 14:53	13952	-c--a-w	c:\windows\system32\dllcache\bulltlp3.sys

2009-04-18 11:46 . 2001-10-26 15:29	37376	-c--a-w	c:\windows\system32\dllcache\atievxx.exe

2009-04-17 19:39 . 2009-04-18 10:01	213120	-c----w	c:\windows\system32\dllcache\ndis.sys

2009-04-17 19:35 . 2009-04-18 17:43	32	--s-a-w	c:\windows\system32\3568508606.dat

2009-04-12 09:18 . 2009-01-09 19:19	1089883	-c----w	c:\windows\system32\dllcache\ntprint.cat

2009-04-11 12:05 . 2009-04-11 12:05	--------	d-sh--w	c:\documents and settings\LocalService\IETldCache

2009-04-11 10:23 . 2009-04-11 10:23	--------	d-sh--w	c:\documents and settings\xx\PrivacIE

2009-04-11 10:19 . 2009-04-11 10:19	--------	d-sh--w	c:\documents and settings\xx\IETldCache

2009-04-11 10:02 . 2009-04-11 10:02	--------	d-----w	c:\windows\ie8updates

2009-04-11 09:59 . 2009-04-11 10:01	--------	dc-h--w	c:\windows\ie8

2009-04-11 09:54 . 2009-02-28 04:55	105984	-c----w	c:\windows\system32\dllcache\iecompat.dll

2009-04-11 08:21 . 2006-06-29 11:07	14048	------w	c:\windows\system32\spmsg2.dll

2009-04-11 08:13 . 2009-04-11 08:21	--------	d-----w	c:\windows\system32\XPSViewer

2009-04-11 08:11 . 2008-07-06 12:06	89088	-c----w	c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-04-11 08:11 . 2008-07-06 12:06	575488	-c----w	c:\windows\system32\dllcache\xpsshhdr.dll

2009-04-11 08:11 . 2008-07-06 12:06	575488	------w	c:\windows\system32\xpsshhdr.dll

2009-04-11 08:11 . 2008-07-06 12:06	117760	------w	c:\windows\system32\prntvpt.dll

2009-04-11 08:11 . 2008-07-06 10:50	597504	-c----w	c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-04-11 08:11 . 2008-07-06 12:06	1676288	-c----w	c:\windows\system32\dllcache\xpssvcs.dll

2009-04-11 08:11 . 2008-07-06 12:06	1676288	------w	c:\windows\system32\xpssvcs.dll

2009-04-11 08:11 . 2009-04-11 10:17	--------	d-----w	c:\windows\SxsCaPendDel

2009-04-10 13:25 . 2009-04-10 13:25	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\InstallShield Installation Information

2009-03-30 18:56 . 2009-04-14 08:18	43520	----a-w	c:\windows\system32\CmdLineExt03.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-19 18:45 . 2007-02-12 20:23	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\foobar2000

2009-04-19 09:27 . 2006-03-02 12:00	89874	----a-w	c:\windows\system32\perfc015.dat

2009-04-19 09:27 . 2006-03-02 12:00	503306	----a-w	c:\windows\system32\perfh015.dat

2009-04-19 09:23 . 2009-02-14 13:05	--------	d-----w	c:\program files\Panda Security

2009-04-19 08:17 . 2009-04-19 08:17	--------	d-----w	c:\program files\Common Files\Panda Security

2009-04-18 17:34 . 2009-04-18 17:34	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware

2009-04-18 10:01 . 2006-03-02 12:00	213120	----a-w	c:\windows\system32\drivers\ndis.sys

2009-04-13 09:53 . 2008-06-07 13:40	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\U3

2009-04-11 14:41 . 2007-01-16 08:38	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\Lavasoft

2009-04-11 10:27 . 2007-01-15 18:44	111304	----a-w	c:\documents and settings\xx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-11 08:13 . 2008-05-20 19:15	--------	d-----w	c:\program files\MSBuild

2009-04-11 08:12 . 2009-04-11 08:12	--------	d-----w	c:\program files\Reference Assemblies

2009-04-11 07:46 . 2009-04-11 07:46	--------	d-----w	c:\program files\Windows Live Safety Center

2009-04-10 14:03 . 2007-01-15 18:49	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-04-06 21:35 . 2007-01-23 20:58	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\Skype

2009-04-06 20:58 . 2008-05-31 20:41	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\skypePM

2009-04-04 17:54 . 2008-09-18 12:12	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\mIRC

2009-04-03 12:29 . 2007-01-15 16:05	--------	d-----w	c:\program files\Java

2009-04-02 18:45 . 2007-01-17 18:18	--------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-03-30 15:46 . 2007-10-02 19:43	--------	d-----w	c:\program files\Opera

2009-03-20 23:49 . 2008-06-12 12:17	49602	----a-w	C:\MP4debug.log

2009-03-19 14:51 . 2009-03-19 14:51	433844	----a-w	C:\BE kopia.jpg

2009-03-19 14:19 . 2009-03-19 14:19	105396	----a-w	C:\2008_step_up_2_the_street_021.jpg

2009-03-14 13:50 . 2009-03-14 13:50	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\VideoMach

2009-03-09 20:06 . 2008-03-15 15:19	--------	d-----w	c:\program files\Valve

2009-03-09 03:19 . 2008-12-17 12:10	410984	----a-w	c:\windows\system32\deploytk.dll

2009-03-08 02:34 . 2006-03-02 12:00	914944	----a-w	c:\windows\system32\wininet.dll

2009-03-08 02:34 . 2006-03-02 12:00	43008	----a-w	c:\windows\system32\licmgr10.dll

2009-03-08 02:33 . 2006-03-02 12:00	18944	----a-w	c:\windows\system32\corpol.dll

2009-03-08 02:33 . 2006-03-02 12:00	420352	----a-w	c:\windows\system32\vbscript.dll

2009-03-08 02:32 . 2006-03-02 12:00	72704	----a-w	c:\windows\system32\admparse.dll

2009-03-08 02:32 . 2006-03-02 12:00	71680	----a-w	c:\windows\system32\iesetup.dll

2009-03-08 02:31 . 2006-03-02 12:00	34816	----a-w	c:\windows\system32\imgutil.dll

2009-03-08 02:31 . 2006-03-02 12:00	48128	----a-w	c:\windows\system32\mshtmler.dll

2009-03-08 02:31 . 2006-03-02 12:00	45568	----a-w	c:\windows\system32\mshta.exe

2009-03-08 02:22 . 2006-03-02 12:00	156160	----a-w	c:\windows\system32\msls31.dll

2009-03-07 16:50 . 2008-05-24 22:25	--------	d-----w	c:\program files\DivX

2009-03-06 14:22 . 2006-03-02 12:00	285696	----a-w	c:\windows\system32\pdh.dll

2009-03-01 21:00 . 2009-03-01 21:00	--------	d-----w	c:\program files\QuickTime

2009-02-28 18:02 . 2007-01-15 16:14	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles

2009-02-23 22:11 . 2009-02-21 10:23	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-02-21 14:50 . 2007-01-15 19:10	--------	d-----w	c:\program files\Gadu-Gadu

2009-02-21 11:12 . 2008-02-23 18:22	--------	d-----w	c:\documents and settings\xx\Dane aplikacji\teamspeak2

2009-02-09 14:07 . 2006-03-02 12:00	1847040	----a-w	c:\windows\system32\win32k.sys

2009-02-09 11:26 . 2004-08-04 00:39	2025472	----a-w	c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:26 . 2006-03-02 12:00	2146816	----a-w	c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2006-03-02 12:00	111104	----a-w	c:\windows\system32\services.exe

2009-02-09 10:53 . 2006-03-02 12:00	731136	----a-w	c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2006-03-02 12:00	686592	----a-w	c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2006-03-02 12:00	401408	----a-w	c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2006-03-02 12:00	722944	----a-w	c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2006-03-02 12:00	35328	----a-w	c:\windows\system32\sc.exe

2009-02-05 09:54 . 2007-01-15 18:59	453152	----a-w	c:\windows\system32\NVUNINST.EXE

2009-02-03 19:58 . 2006-03-02 12:00	56832	----a-w	c:\windows\system32\secur32.dll

2008-05-20 16:59 . 2008-05-20 16:59	22328	----a-w	c:\documents and settings\xx\Dane aplikacji\PnkBstrK.sys

2008-05-20 16:07 . 2008-05-20 16:07	444462	----a-w	c:\program files\BDAXP.cab

2007-10-04 16:41 . 2007-10-04 16:41	127	----a-w	c:\documents and settings\xx\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2008-08-31 00:03 . 2008-08-31 00:03	32768	--sha-w	c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008083120080901\index.dat

.


------- Sigcheck -------


[7] 2006-03-02 12:00	182912	558635D3AF1C7546D26067D5D9B6959E	c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2008-04-13 19:20	182656	1DF7F42665C94B825322FAE71721130D	c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2009-04-18 10:01	213120	0EB23F8C2DADF7DB524C52FCF3522FC9	c:\windows\system32\dllcache\ndis.sys

[-] 2009-04-18 10:01	213120	0EB23F8C2DADF7DB524C52FCF3522FC9	c:\windows\system32\drivers\ndis.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Steam"="x:\program files\steam\steam.exe" [2009-04-18 1410296]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-05-18 16207872]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-05-17 77824]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2006-05-04 2808832]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]

"Debugger"=ntsd -d


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute	REG_MULTI_SZ autocheck autochk *\[u]0[/u]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Opera\\Opera.exe"=

"c:\\Documents and Settings\\xx\\Pulpit\\OTS\\YurOts 0.3 (Versao 8.0)0\\Yurots 0.3 Versao 0.8.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=

"d:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=

"d:\\pliki\\TC\\totalcmd\\TOTALCMD.EXE"=

"x:\\cs\\Valve\\hlds.exe"=

"x:\\cs\\Valve\\hl.exe"=

"x:\\cs\\Valve\\hltv.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"x:\\pliki\\CZG\\totalcmd\\TOTALCMD.EXE"=

"x:\\ESF DODADKI\\ESF Install Pack (ESForces.pl)\\hl.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"x:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"x:\\Program Files\\Steam\\steamapps\\rafalbana\\counter-strike\\hl.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15984:TCP"= 15984:TCP:BitComet 15984 TCP

"15984:UDP"= 15984:UDP:BitComet 15984 UDP

"21380:TCP"= 21380:TCP:BitComet 21380 TCP

"21380:UDP"= 21380:UDP:BitComet 21380 UDP

"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)

"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port


R1 ShldDrv;Panda File Shield Driver; [x]

R2 PavProc;Panda Process Protection Driver; [x]

R3 d25fk5d1;d25fk5d1; [x]

R3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]

R3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]

R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\DRIVERS\V0220Dev.sys [2006-05-24 145472]

R3 V0220Vfx;V0220Vfx;c:\windows\system32\DRIVERS\V0220Vfx.sys [2006-03-24 6272]

S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4154165e-3497-11dd-8a6a-0015a36ccdb7}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82042cfc-983f-11dd-8b20-0015a36ccdb7}]

\Shell\AutoRun\command - H:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]

c:\windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKCU-Run-AQQ - c:\progra~1\WapSter\WAPSTE~1\AQQ.exe

HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe

Notify-avldr - (no file)



.

------- Skan uzupełniający -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.counter-strike.pl/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download all links using BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\xx\Dane aplikacji\Mozilla\Firefox\Profiles\n3qv1mo3.default\

FF - prefs.js: browser.startup.homepage - www.interia.pl

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-19 21:42

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioSrvstisvc]

"ImagePath"="c:\windows\system32\actskin4f.exe srv"

--


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon LM Service]

"ImagePath"="c:\windows\system32\actskin4o.exe srv"


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\d25fk5d1]

"ImagePath"="\??\c:\docume~1\xx\USTAWI~1\Temp\70ZV50"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-2025429265-343818398-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,58,b9,ed,6f,58,

   b8,ec,3b,2e,e8,e1,00,eb,16,2b,de,03,72,bd,f4,9f,6f,60,ed,e2,63,26,f1,3f,c8,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,f5,98,f8,e3,41,

   c4,e0,f7,46,47,15,b0,92,4b,c7,ef,1c,6e,78,58,0a,cf,39,31,6a,9c,d6,61,af,45,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,28,fa,c8,20,b8,

   98,b9,0a,7a,45,05,fd,91,e8,6f,31,b6,da,6a,01,c9,e0,57,76,ff,7c,85,e0,43,d4,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,e3,26,58,d9,63,

   dc,8e,fe,6b,65,49,6a,7e,99,74,f7,93,a4,e1,37,10,c4,8a,61,86,8c,21,01,be,91,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,7b,5b,03,ba,5d,

   b9,32,77,e9,02,6c,fa,fb,1d,47,57,ab,e5,a0,29,d1,1c,d4,37,f5,1d,4d,73,a8,13,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,78,73,3a,02,9d,

   4f,f6,89,50,93,e5,ab,ec,6a,4e,ab,50,f8,b5,e6,55,31,f0,a5,df,20,58,62,78,6b,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,e6,14,eb,f5,63,

   c8,fa,bf,97,20,4e,9a,c7,f1,35,ee,d0,6e,02,a6,2b,13,03,6a,fb,a7,78,e6,12,2f,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,32,8e,1f,b4,e8,

   40,90,17,aa,52,c6,00,84,3c,26,64,5f,1e,28,f2,fb,df,3f,ad,01,3a,48,fc,e8,04,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,cc,de,7d,72,7f,

   10,77,4d,b2,46,9a,e2,1b,fe,1b,94,c8,23,b1,26,de,3a,e4,0d,f6,0f,4e,58,98,5b,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9d,0e,ad,24,72,

   82,f6,cb,37,a4,aa,c3,a6,15,56,0a,b7,53,6c,57,e8,2a,7c,b2,3d,ce,ea,26,2d,45,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,a6,0c,3c,7d,00,

   e5,a1,1e,f8,31,0f,a9,5f,a0,ec,fb,fc,2b,65,06,48,b5,cf,89,2a,b7,cc,b5,b9,7f,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,8b,89,f2,15,43,

   f9,47,76,05,73,21,dd,54,d8,4a,c5,df,cd,ca,a7,81,5e,55,12,6c,43,2d,1e,aa,22,\

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(6444)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSPL.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\UAService7.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-19 21:48 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-19 19:48


Przed: 7 292 497 920 bajtów wolnych

Po: 7 194 632 192 bajtów wolnych


477	--- E O F ---	2009-04-18 08:40

(Luphis) #13

Jeżeli masz oryginalną Pandę, to zgłoś się z problemem do pomocy technicznej, na pewno pomogą.


(dethloe123) #14

Prawodopodobnie masz Viruta, ale przeskanuj komputer tym skanerem http://www.kaspersky.pl/virusscanner.html/ i daj log.

-- Dodane 23.04.2009 (Cz) 20:38 --

Najczęstsze objawy infekcji

:arrow: Przestają działać programy. Zainfekowane mogą być także pliki systemowe. Przy próbie uruchomienia programu może pojawić się błąd Aplikacja nie została właściwie zainicjowana i nie pomaga reinstalacja. Dysk twardy pracuje chociaż nic nie robimy na komputerze, dzieje się tak ponieważ pliki są w tym momencie infekowane. Można zaobserwować niepożądany ruch sieciowy i inne. W logu HijackThis zobaczymy na przykład takie wpisy:

O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

Ten właśnie wpis usunął ci Malwarebytes' :!: