Very slow internet


(Darek Dar) #1

Hello, please check my log, because Kaspersky found 9 viruses and 18 infections on the disk. The program that is installed doesn't remove them; they keep coming back. I have a 6-meg connection, but pages load very slowly and Skype stutters terribly. Please help, because I can't remove this on my own. Many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:45:54, on 2008-05-07

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Users\Julia\Program Files\DNA\btdna.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Users\Julia\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\Julia\AppData\Local\Temp\Low\ImInstaller\Complete_IncrediMail.exe -product IncrediMail

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU..\Run: [bitTorrent DNA] "C:\Users\Julia\Program Files\DNA\btdna.exe"

O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One ... or012s.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: eNetHook.dll

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Validación de contrasena de Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 13150 bytes


(Tomasz Paziewski) #2

Correct the log according to the instructions in the section :stuck_out_tongue:


(Darek Dar) #3

I'll also post the ComboFix log; maybe it will show something. Check this one too if you can, ok. Thanks.

ComboFix 08-05-01.3 - Julia 2008-05-07 15:48:18.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.3082.18.238 [GMT 2:00]

Se ejecuta desde: D:\Programy\ComboFix.exe

* Creado un nuevo punto de restauración

.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\ACER.exe

C:\Windows\system32\x64

.

(((((((((((((((((( Archivos creados desde 2008-04-07 - 2008-05-07 )))))))))))))))))))))))))))))))))

.

2008-05-07 14:39 . 2008-05-07 14:39

2008-05-07 11:16 . 2008-05-07 11:16

2008-04-09 23:59 . 2008-04-09 23:59 944,184 --a------ C:\Windows\System32\winload.exe

2008-04-09 23:59 . 2008-04-09 23:59 620,088 --a------ C:\Windows\System32\ci.dll

2008-04-09 23:59 . 2008-04-09 23:59 371,712 --a------ C:\Windows\System32\srcore.dll

2008-04-09 23:59 . 2008-04-09 23:59 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 23:59 . 2008-04-09 23:59 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 23:59 . 2008-04-09 23:59 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 23:59 . 2008-04-09 23:59 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 23:59 . 2008-04-09 23:59 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-04-09 23:59 . 2008-04-09 23:59 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 23:57 . 2008-04-09 23:57 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-04-09 23:56 . 2008-04-09 23:56 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-04-09 23:54 . 2008-04-09 23:54 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-04-09 23:54 . 2008-04-09 23:54 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-04-07 13:16 . 2008-04-07 13:16

2008-04-07 13:16 . 2008-04-07 13:16

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-07 13:45 --------- d-----w C:\Users\Julia\AppData\Roaming\DNA

2008-05-07 13:16 --------- d-----w C:\Users\Julia\AppData\Roaming\Skype

2008-05-07 11:10 --------- d-----w C:\Users\Julia\AppData\Roaming\skypePM

2008-05-07 09:13 --------- d-----w C:\Users\Julia\AppData\Roaming\BitTorrent

2008-04-13 10:43 --------- d-----w C:\Program Files\Acer GameZone

2008-04-11 21:25 --------- d---a-w C:\ProgramData\TEMP

2008-04-10 21:48 --------- d-----w C:\Users\Julia\AppData\Roaming\gtk-2.0

2008-04-10 07:55 --------- d-----w C:\Program Files\Windows Mail

2008-04-09 21:51 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-04-09 21:51 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-04-09 21:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-04-09 21:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-04-07 14:55 57,632 ----a-w C:\PA207.DAT

2008-04-07 11:16 --------- d-----w C:\ProgramData\CyberLink

2008-04-03 21:28 --------- d-----w C:\ProgramData\Symantec

2008-04-02 19:46 --------- d-----w C:\ProgramData\IM

2008-04-02 19:42 --------- d-----w C:\ProgramData\IncrediMail

2008-03-29 23:45 --------- d-----w C:\Program Files\Stardock

2008-03-23 12:14 --------- d-----w C:\ProgramData\eMule

2008-03-23 12:13 --------- d-----w C:\Program Files\eMule

2008-03-19 10:41 --------- d-----w C:\Users\Julia\AppData\Roaming\Media Player Classic

2008-03-19 10:40 --------- d-----w C:\Program Files\Real Alternative

2008-03-19 10:40 --------- d-----w C:\Program Files\Media Player Classic

2008-03-13 08:29 --------- d-----w C:\Users\Julia\AppData\Roaming\Gadu-Gadu

2008-03-12 21:32 --------- d-----w C:\Program Files\Winamp

2008-03-12 19:18 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-03-12 19:18 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-03-11 20:29 --------- d-----w C:\Users\Julia\AppData\Roaming\Winamp

2008-03-11 20:26 --------- d-----w C:\ProgramData\Winamp Toolbar

2008-03-11 20:26 --------- d-----w C:\ProgramData\OrbNetworks

2008-03-11 20:26 --------- d-----w C:\Program Files\Winamp Toolbar

2008-03-11 20:26 --------- d-----w C:\Program Files\Winamp Remote

2008-03-11 20:14 --------- d-----w C:\Program Files\Gadu-Gadu

2008-03-10 17:08 --------- d-----w C:\Program Files\GIMP-2.0

2008-03-09 16:53 --------- d-----w C:\Program Files\Java

2008-03-09 16:37 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-03-09 16:31 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-03-09 16:29 --------- d-----w C:\Users\Julia\AppData\Roaming\DAEMON Tools

2008-03-07 23:48 --------- d-----w C:\Program Files\Google

2008-03-07 23:42 --------- d-----w C:\Program Files\Common Files\Onet.pl

2008-03-07 23:41 --------- d-----w C:\Users\Julia\AppData\Roaming\Kamerzysta

2008-03-07 23:41 --------- d-----w C:\Users\Julia\AppData\Roaming\Czat

2008-03-07 23:41 --------- d-----w C:\Users\Julia\AppData\Roaming\AutoUpdate

2008-03-07 23:34 --------- d-----w C:\Program Files\Common Files\Java

2008-03-07 23:20 --------- d-----w C:\Program Files\Onet

2008-03-07 19:45 --------- d-----w C:\ProgramData\Skype

2008-03-07 19:45 --------- d-----w C:\Program Files\Skype

2008-03-07 19:45 --------- d-----w C:\Program Files\Common Files\Skype

2008-03-03 20:15 174 --sha-w C:\Program Files\desktop.ini

2008-03-03 20:01 87,040 ----a-w C:\Windows\System32\msoert2.dll

2008-03-03 20:01 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2008-03-03 20:01 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2008-03-03 19:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-03-03 19:59 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-03-03 19:59 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-03-03 19:59 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-03-03 19:59 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-03-03 19:59 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-03-03 19:59 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-03-03 19:59 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-03-03 19:59 2,923,520 ----a-w C:\Windows\explorer.exe

2008-03-03 19:57 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-03-03 19:50 595,456 ----a-w C:\Windows\System32\schedsvc.dll

2008-03-03 19:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-03-03 19:45 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-03-03 19:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-03-03 19:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-03-03 19:43 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-03-03 19:43 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-03-03 19:42 2,048 ----a-w C:\Windows\System32\msxml3r.dll

2008-03-03 19:42 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-03-03 19:41 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-03-03 19:41 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-03-03 19:41 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-03-03 19:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-03-03 19:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-03-03 19:40 2,048 ----a-w C:\Windows\System32\asferror.dll

2008-03-03 19:40 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-03-03 19:39 2,048 ----a-w C:\Windows\System32\msxml6r.dll

2008-03-03 19:39 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2008-03-03 19:34 61,440 ----a-w C:\Windows\System32\ntprint.exe

2008-03-03 19:34 269,824 ----a-w C:\Windows\System32\schannel.dll

2008-03-03 19:34 220,160 ----a-w C:\Windows\System32\ntprint.dll

2008-03-03 19:34 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll

2008-03-03 19:34 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll

2008-03-03 19:34 1,984,512 ----a-w C:\Windows\System32\authui.dll

2008-03-03 19:33 88,576 ----a-w C:\Windows\System32\avifil32.dll

2008-03-03 19:33 82,944 ----a-w C:\Windows\System32\mciavi32.dll

2008-03-03 19:33 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr

2008-03-03 19:33 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll

2008-03-03 19:33 69,632 ----a-w C:\Windows\System32\sendmail.dll

2008-03-03 19:33 65,024 ----a-w C:\Windows\System32\avicap32.dll

2008-03-03 19:33 31,232 ----a-w C:\Windows\System32\msvidc32.dll

2008-03-03 19:33 123,904 ----a-w C:\Windows\System32\msvfw32.dll

2008-03-03 19:33 12,800 ----a-w C:\Windows\System32\msrle32.dll

2008-03-03 19:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-03-03 19:31 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-03-03 19:31 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-03-03 19:31 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-03-03 19:31 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-03 21:04 1232896]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-06 10:11 149040]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" []

"BitTorrent DNA"="C:\Users\Julia\Program Files\DNA\btdna.exe" [2008-04-11 18:08 288576]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-02-27 21:53 587568]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-01 01:59 1006264]

"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" []

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 18:25 155648]

"Acer Tour"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 07:51 768520]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]

"SetPanel"="C:\Acer\APanel\APanel.cmd" []

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 22:02 153136]

"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-01 02:26:56 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7EF19186-C81F-40CE-8E4A-810BBAB99480}"= C:\Program Files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema

"{B483EA9A-8688-4F90-BC01-91745F7314E9}"= C:\Program Files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program

"{A33C5E96-107B-4E7A-8A92-C5683516E3B8}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{DD739CF8-8054-4704-8B55-23B3AD56EB68}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{1891E2C8-6F7A-4531-897A-9165ED10B9FF}"= C:\Program Files\Acer\HomeMedia\HomeMedia.exe:HomeMedia

"{60579885-C479-4215-81B0-F82D382ACA5F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{4F5BDAEF-D0F1-4F1C-9B1D-88470B8FF25F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{4C12C05F-ABF8-4A2E-A36C-8A0CAB390896}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{0E0563B1-ED2C-4520-838D-E70E4B7F8CC4}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{6695EAC2-04CC-4CA3-BC56-0CD71F56A63C}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{BD9D3FBA-8AAA-47F9-9BF7-4634D5B9A75B}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{690DFB4A-4241-4436-B697-433E91D8734A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{65D794BB-DFBA-4948-8382-7E0899307C49}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{2020D7C5-BF22-4984-ABDA-9EA5BD73EB63}"= UDP:C:\Program Files\DNA\btdna.exe:DNA

"{331ECB9D-C45D-48A8-9532-9CD965C3996C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

"{A911C682-F9FA-400B-9B7B-C53776A23D7B}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{FFCCB12A-53BF-4C31-A452-BF8157BA41FC}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{52CD61DA-BAF3-4EEF-AE60-96A93F432BE5}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{5C238AD6-4BEB-435A-BEE2-C92CF1BFF261}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{7325B138-316E-4AC4-A84F-901DEC949C84}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{8A6D5D25-B8F8-45B8-A610-B9BA426D67BF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{52961EF1-4E95-4F2F-8B25-AA46D16D960F}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{7A007AD2-CD83-4A2D-84A1-A9E90C9B3C26}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{5FCCBCCD-78A2-4D1D-8E25-CCB55EE9028B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{9E94CE49-D4F8-49C4-812B-C7ECE9EDCE1D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{914242F2-7DF6-434C-A866-08978F51859A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{02B2188F-ECD5-4FE6-8C0B-9B8F5D408BBF}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{4837494F-BDE7-4C9B-8EDB-137C87E7D5D6}"= Disabled:UDP:C:\Users\Julia\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer

"{AC52CB4A-2AAD-4A21-8792-FD7A2C65F38E}"= Disabled:TCP:C:\Users\Julia\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080429.001\IDSvix86.sys [2008-02-14 03:51]

R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-05 10:13]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 22:15]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]

R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 12:34]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e5bbeebe-edf6-11dc-b373-001b38c96dac}]

\shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

Contenido de carpeta 'Tareas Programadas'

"2008-05-02 20:30:28 C:\Windows\Tasks\Norton Internet Security - Análisis de todo el sistema - Julia.job"

  • C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-07 15:53:17

Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito

archivos ocultos: 0

**************************************************************************

.

Tiempo completado: 2008-05-07 15:55:12

ComboFix-quarantined-files.txt 2008-05-07 13:54:59

13 dirs 11,449,442,304 bytes libres

20 dirs 11,422,199,808 bytes libres

290 --- E O F --- 2008-04-17 01:04:11


(Tomasz Paziewski) #4

HJ:

fix the entries

Be sure to uninstall BitTorrent DNA!