namrab
(Bartk0r)
22 December 2007 14:28
#1
Hi, I have Windows XP with SP1. Everything worked great until suddenly yesterday, while I was browsing the web with Internet Explorer, the computer reset itself, and then the standard countdown window like the one from Sasser or Blaster appeared; unfortunately what my computer caught is something stronger. In the process manager iexplore jumps up and down, starting and stopping non-stop, so my computer is constantly busy, thinking, and programs won't start. So far I have only managed to get rid of the Blaster-style countdown popup, but nothing more. In folders, e.g. FOLDER, files such as folder.exe, _install.exe etc. appear. I'm pasting the logs from HijackThis and ComboFix, please help immediately.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:58, on 2007-12-22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\S3VyZWs\command.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svcd\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\HELP\DBBXY.exe
C:\WINDOWS\CTDCRES.exe
C:\WINDOWS\System32\newmaxxsv234.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\dllgh8jkd1q2.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vedxga1me4t1.exe
C:\WINDOWS\System32\vedxg4am1et2.exe
C:\WINDOWS\ntfyapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\WORDVIEW.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM…\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM…\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM…\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM…\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM…\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RavTimeXP] C:\WINDOWS\HELP\DBBXY.exe
O4 - HKLM…\Run: [installShield Installation Information] C:\WINDOWS\CTDCRES.exe
O4 - HKLM…\Run: [system] C:\WINDOWS\System32\kernelwind32.exe
O4 - HKLM…\Run: [systemSv12] C:\WINDOWS\System32\newmaxxsv234.exe
O4 - HKLM…\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU…\Run: [default] C:\Documents and Settings\Pawel\scvhost.exe
O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU…\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKCU…\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU…\RunOnce: [ati] C:\Documents and Settings\Pawel\scvhost.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip…{9C5CD633-0A5B-4A3B-93D7-126FBA3C38D4}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip…{A2CA145E-7DDA-412D-810F-6068452B65FB}: NameServer = 85.255.116.115,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll
O21 - SSODL: BPKQeLmmx - {E43462B4-4E9E-C81E-C536-5FA8BBB0342C} - C:\WINDOWS\System32\lu.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3VyZWs\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\System32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Security Service (TTSO) - Unknown owner - C:\WINDOWS\System32\svcd\svchost.exe

--
End of file - 7799 bytes
and the ComboFix log:
ComboFix 07-12-21.4 - Pawel 2007-12-22 14:31:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.1661 [GMT 1:00]
Running from: C:\Documents and Settings\Pawel\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon\domains.txt
C:\Documents and Settings\LocalService\Dane aplikacji\NetMon\log.txt
C:\Documents and Settings\Pawel\Dane aplikacji\install.dat
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\WINDOWS\Help\agt037b.hlp
C:\WINDOWS\nwan.dat
C:\WINDOWS\S3VyZWs\
C:\WINDOWS\S3VyZWs\asappsrv.dll
C:\WINDOWS\S3VyZWs\command.exe
C:\WINDOWS\S3VyZWs\mapVtqP.vbs
C:\WINDOWS\S3VyZWs\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\config\47645666.Evt
C:\WINDOWS\system32\drivers\GMH45.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Wdhd23.sys
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\kernelw.sys
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\m1ax1d1213216143v.exe
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\mscore.dll
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winlogon.scr
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\uninstall_nmon.vbs
C:\windows\xpupdate.exe
G:\autorun.inf
G:\copy.exe
G:\host.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ASC3550P
-------\LEGACY_CMDSERVICE
-------\LEGACY_DRIVER
-------\LEGACY_GMH45
-------\LEGACY_NDISWON
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_MANAGEMENT_SERVICE
-------\cmdService
-------\Driver
-------\Network Monitor

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.
2007-12-22 14:26 . 2007-12-22 14:23 135,168 --a------ C:\Documents and Settings\Pawel_install.exe
2007-12-22 14:26 . 2007-12-22 14:23 135,168 --a------ C:\Documents and Settings\All Users_install.exe
2007-12-22 14:24 . 2007-12-22 14:31 28,328 --a------ C:\WINDOWS\ntfyapp.config
2007-12-22 14:23 . 2007-12-22 14:23 135,168 --a------ C:\WINDOWS\ntfyapp.exe
2007-12-22 14:23 . 2007-12-22 14:23 48,146 --a------ C:\WINDOWS\taskmon.exe
2007-12-22 14:23 . 2007-12-22 14:29 13,760 --a------ C:\WINDOWS\system32\taskmon.sys
2007-12-22 14:22 . 2007-12-22 14:22
2007-12-22 14:22 . 2007-12-22 14:22 29 --a------ C:\WINDOWS\system32\agdtqtug.tmp
2007-12-22 14:02 . 2003-05-11 16:26 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-12-22 14:01 . 2007-12-22 13:23 52,756 --a------ C:\WINDOWS\system32\csinq.exe
2007-12-22 13:37 . 2007-12-22 14:18 0 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
2007-12-22 13:23 . 2007-12-22 13:23
2007-12-22 13:23 . 2007-12-22 13:23 27,136 ---hs---- C:\Documents and Settings\Pawel\scvhost.exe
2007-12-22 13:22 . 2007-12-22 13:22 29,184 --a------ C:\WINDOWS\CTDCRES.exe
2007-12-22 13:22 . 2007-12-22 13:22 21,504 --a------ C:\Documents and Settings\Pawel\n32n.exe
2007-12-17 21:50 . 2007-12-17 21:50
2007-12-16 12:54 . 2007-12-16 12:54 754 --a------ C:\WINDOWS\WORDPAD.INI
2007-12-01 15:10 . 2007-12-01 15:10
2007-12-01 15:10 . 2007-12-15 19:54 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-01 15:10 . 2007-12-04 17:19 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-01 15:10 . 2007-12-15 19:54 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-01 15:10 . 2007-12-04 17:15 22,328 --a------ C:\Documents and Settings\Pawel\Dane aplikacji\PnkBstrK.sys
2007-12-01 15:10 . 2007-12-01 15:10 300 --a------ C:\WINDOWS\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-24 17:24 53,765 ---h--w C:\Program Files\Program Files.exe
2013-11-24 17:24 53,765 ---h--w C:\Documents and Settings\All Users\All Users.exe
2013-11-24 17:24 53,765 ----a-w C:\WINFILE.EXE
2007-12-22 12:23 35,702 ----a-w C:\WINDOWS\system32\dllgh8jkd1q2.exe
2007-12-22 12:23 30,583 ----a-w C:\WINDOWS\system32\e1.exe
2007-12-22 12:23 27,136 --sh--w C:\WINDOWS\system32\drivers\sysdrv.exe
2007-12-22 12:23 25,103 ----a-w C:\WINDOWS\system32\e2.exe
2007-12-22 12:23 18,294 ----a-w C:\WINDOWS\system32\dllgh8jkd1q7.exe
2007-12-22 12:23 17,782 ----a-w C:\WINDOWS\system32\dllgh8jkd1q6.exe
2007-12-22 12:23 16,758 ----a-w C:\WINDOWS\system32\dllgh8jkd1q5.exe
2007-12-22 12:23 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-22 12:23 11,638 ----a-w C:\WINDOWS\system32\dllgh8jkd1q1.exe
2007-12-01 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 19:52 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-21 10:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles
2007-11-13 12:47 --------- d-----w C:\Program Files\ivo
2007-11-06 18:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 18:02 --------- d--h--r C:\Documents and Settings\Pawel\Dane aplikacji\SecuROM
2007-11-06 13:38 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-10-29 16:05 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\Tlen.pl
2007-10-29 16:02 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\Gadu-Gadu
2007-10-28 22:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-09-27 17:09 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-09-27 16:13 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-09-27 16:13 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-09-27 15:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-27 15:23 558,142 ----a-w C:\WINDOWS\java\Packages\GTVXBTZZ.ZIP
2007-09-27 15:23 155,995 ----a-w C:\WINDOWS\java\Packages\V9V7VZXF.ZIP
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
Infected C:\WINDOWS\system32\svchost.exe hex repaired

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 15:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"ntfyapp"="C:\WINDOWS\ntfyapp.exe" [2007-12-22 14:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ati"="C:\Documents and Settings\Pawel\scvhost.exe" [2007-12-22 13:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 17:23]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2002-09-28 23:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 08:56]
"CTHelper"="CTHELPER.EXE" [2006-08-17 04:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 04:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 C:\WINDOWS\KHALMNPR.Exe]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21]
"NvMediaCenter"="RUNDLL32.exe" [2002-09-28 23:00 C:\WINDOWS\system32\rundll32.exe]
"RavTimeXP"="C:\WINDOWS\HELP\DBBXY.exe" [2013-11-24 18:24]
"InstallShield Installation Information"="C:\WINDOWS\CTDCRES.exe" [2007-12-22 13:22]
"taskmon"="C:\WINDOWS\taskmon.exe" [2007-12-22 14:23]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-28 23:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 15:14:08]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-27 18:08:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BPKQeLmmx"= {E43462B4-4E9E-C81E-C536-5FA8BBB0342C} - C:\WINDOWS\System32\lu.dll [2006-12-22 13:23 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csvsu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll 2007-12-22 14:23 25569 C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pawel^Menu Start^Programy^Autostart^MSWin–1767954875.exe]
path=C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\MSWin–1767954875.exe
backup=C:\WINDOWS\pss\MSWin–1767954875.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Expressivo]
C:\Program Files\ivo\Expressivo\expressivo.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-17 21:50 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

R2 TTSO;Security Service;C:\WINDOWS\System32\svcd\svchost.exe [2007-12-22 13:23]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\System32\drivers\ha20x2k.sys [2006-08-17 04:16]
S2 FFI;FFI;C:\WINDOWS\System32\svchost.exe:exm.exe []
S3 taskmon.sys;taskmon.sys;C:\WINDOWS\System32\taskmon.sys [2007-12-22 14:29]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 14:34:17
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes …
Please help.
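The HijackThis log above carries several indicator types an analyst checks first: O17 entries that point every interface at resolvers the user never configured (85.255.116.115 and 85.255.112.158), an O20 Winlogon Notify DLL loaded from All Users\Dokumenty, an O21 ShellServiceObjectDelayLoad entry, O23 services with an unknown owner in odd directories (one of them in an NTFS alternate data stream, `svchost.exe:exm.exe`), and O4 Run values whose names or paths mimic Windows components (`scvhost.exe` under the user profile, `[system]`, `[default]`, `[main]`). The script below is an added example, not part of the original post and not code from HijackThis or ComboFix: it parses a constructed sample made of lines copied from the log above (written in HijackThis's own `HKLM\..\Run:` notation, with two known-good lines kept as controls) and applies those heuristics. The `EXPECTED_RESOLVERS` allowlist (a hypothetical router address), the `GENERIC_RUN_NAMES` set, the list of system binary names and the 0.85 similarity threshold are assumptions an analyst would tune for the machine under review; the output is a triage shortlist, not a verdict.

```python
"""Heuristic triage of HijackThis entries (added example; not from the post or from HijackThis)."""
import re
from difflib import SequenceMatcher

# Constructed sample: a subset of the entries from the HijackThis log posted above, in
# HijackThis's own "HKLM\..\Run:" notation. RTHDCPL and NVSvc are known-good controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\kernelwind32.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Pawel\scvhost.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll
O21 - SSODL: BPKQeLmmx - {E43462B4-4E9E-C81E-C536-5FA8BBB0342C} - C:\WINDOWS\System32\lu.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3VyZWs\command.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\System32\svchost.exe:exm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Security Service (TTSO) - Unknown owner - C:\WINDOWS\System32\svcd\svchost.exe
"""

# Assumptions for this example; an analyst fills these in for the machine under review.
EXPECTED_RESOLVERS = {"192.168.0.1"}                      # hypothetical router / ISP resolver
GENERIC_RUN_NAMES = {"system", "default", "main", "sysinit"}  # Run names with no product identity
SYSTEM_BINARIES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "explorer.exe")
LOOKALIKE_THRESHOLD = 0.85  # SequenceMatcher ratio; scvhost.exe vs svchost.exe scores ~0.91

LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# First Windows path in the entry; an optional ":name" suffix captures an alternate data stream.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr|vbs)\b(?::[\w.]+)?', re.I)
VALUE_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)  # directly in System32
IN_PROGRAM_FILES = re.compile(r"^[a-z]:\\program files\\", re.I)
IN_USER_PROFILE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)


def split_stream(path):
    """Split 'C:\\dir\\file.exe:stream.exe' into ('C:\\dir\\file.exe', 'stream.exe')."""
    drive, rest = path[:2], path[2:]          # keep the drive colon out of the ADS check
    if ":" in rest:
        file_part, stream = rest.split(":", 1)
        return drive + file_part, stream
    return path, None


def check_path(section, path, body):
    """Path heuristics shared by O4 (Run keys) and O23 (services)."""
    reasons = []
    clean, stream = split_stream(path)
    base = clean.rsplit("\\", 1)[-1].lower()
    if stream:
        reasons.append(f"executable hidden in NTFS alternate data stream ':{stream}'")
    if IN_USER_PROFILE.match(clean):
        reasons.append("autostart from a user profile directory")
    for known in SYSTEM_BINARIES:
        if base == known and not IN_SYSTEM32.match(clean):
            reasons.append(f"system binary name {known} outside System32")
        elif base != known and SequenceMatcher(None, base, known).ratio() >= LOOKALIKE_THRESHOLD:
            reasons.append(f"name mimics system binary {known}")
    if (section == "O23" and "Unknown owner" in body
            and not (IN_SYSTEM32.match(clean) or IN_PROGRAM_FILES.match(clean))):
        reasons.append("Unknown owner service outside System32 and Program Files")
    return reasons


def triage(log_text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return {HijackThis line: [reasons]} for every entry that trips a heuristic."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        path_m = PATH_RE.search(body)
        path = path_m.group(0) if path_m else None
        reasons = []
        if section == "O17":
            ns = re.search(r"NameServer = (.+)$", body)
            servers = re.split(r"[,\s]+", ns.group(1).strip()) if ns else []
            rogue = [s for s in servers if s and s not in expected_resolvers]
            if rogue:
                reasons.append("DNS resolver not in allowlist: " + ", ".join(rogue))
        elif section == "O20":
            if not (path and IN_SYSTEM32.match(path)):
                reasons.append("Winlogon Notify DLL outside System32")
        elif section == "O21":
            reasons.append("ShellServiceObjectDelayLoad entry (rare on a clean XP; verify the DLL)")
        elif section in ("O4", "O23"):
            v = VALUE_RE.search(body)
            if section == "O4" and v and v.group("name").lower() in GENERIC_RUN_NAMES:
                reasons.append(f"Run value name '{v.group('name')}' carries no product identity")
            if path:
                reasons.extend(check_path(section, path, body))
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("   ->", reason)
```

On the sample, eight of the ten lines are flagged and the two controls pass; the ADS rule catches the FFI service even though ComboFix reports the file as missing, because the indicator is the `:exm.exe` suffix itself. Anything the rules do not flag (for instance the bare-filename Run entries such as `RTHDCPL.EXE`) still needs the usual manual check of publisher and on-disk location; the heuristics only order the work.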