ComboFix 08-05-21.3 - Komputer 2008-05-24 20:24:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.428 [GMT 2:00]
Running from: C:\Documents and Settings\Komputer\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
.

((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-24 19:40 . 2008-05-24 19:40
2008-05-24 19:40 . 2008-05-24 19:40
2008-05-24 18:53 . 2008-05-24 18:53
2008-05-24 00:07 . 2008-05-24 00:07
2008-05-19 01:46 . 2008-05-19 01:46
2008-05-19 01:23 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 01:22 . 2008-05-19 01:23
2008-05-19 01:20 . 2008-05-19 01:20
2008-05-18 15:43 . 2008-05-18 15:43
2008-05-18 15:43 . 2008-05-18 18:59
2008-05-17 15:46 . 2008-05-17 15:46 1,669 --a------ C:\WINDOWS\system32\Pdx8.INI
2008-05-17 15:40 . 2008-05-17 15:40 221,252 --a------ C:\WINDOWS\system32\maskDll.dll
2008-05-17 15:40 . 2008-05-17 15:40 200,776 --a------ C:\WINDOWS\system32\unMaskDLL.dll
2008-05-17 15:37 . 2008-05-17 15:37 8,959 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2008-05-16 16:27 . 2002-07-11 04:11
2008-05-16 01:24 . 2008-05-24 04:04
2008-05-16 01:24 . 2008-05-16 01:24
2008-05-15 16:07 . 2008-05-15 16:07
2008-05-15 16:07 . 2001-01-04 10:12 162,900 --------- C:\WINDOWS\system32\drivers\USBICP.sys
2008-05-15 16:07 . 2005-07-22 15:01 69,632 --a------ C:\WINDOWS\system32\razer.cpl
2008-05-15 16:07 . 2005-08-12 10:11 19,020 --a------ C:\WINDOWS\system32\drivers\Razerlow.sys
2008-05-15 16:06 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-15 16:06 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-15 16:06 . 2008-04-14 21:50 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-15 16:06 . 2008-04-14 21:50 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-15 16:06 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-15 16:06 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-15 16:06 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-15 16:06 . 2008-04-14 00:15 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-15 02:33 . 2008-05-15 02:33
2008-05-15 02:33 . 2008-05-15 02:33
2008-05-15 02:32 . 2008-05-15 02:32
2008-05-15 02:32 . 2008-05-15 02:32
2008-05-15 02:31 . 2008-05-15 02:31 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-15 01:57 . 2002-07-11 04:11
2008-05-15 01:44 . 2008-05-15 01:44
2008-05-13 00:43 . 2002-07-11 04:11
2008-05-13 00:43 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-10 01:54 . 2008-05-10 01:54
2008-05-08 23:42 . 2008-05-08 23:42
2008-05-08 23:42 . 2002-07-12 17:13
2008-05-08 21:19 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-08 21:19 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-08 21:19 . 2008-05-08 21:19 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-08 21:19 . 2008-05-08 21:19 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-08 21:11 . 2008-05-08 21:20
2008-05-08 21:11 . 2008-05-08 21:11
2008-05-08 21:08 . 2008-05-08 21:08
2008-05-08 21:08 . 2008-05-08 21:08
2008-05-08 21:08 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-08 21:07 . 2002-07-11 04:39
2008-05-08 21:07 . 2008-05-08 21:07
2008-05-08 21:07 . 2008-02-01 15:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-08 21:05 . 2002-07-11 04:44
2008-05-08 16:47 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-08 16:47 . 2008-05-08 16:47 421 --a------ C:\WINDOWS\ODBC.INI
2008-05-08 16:44 . 2008-05-08 16:44
2008-05-08 16:43 . 2008-05-08 16:45
2008-05-08 16:43 . 2008-05-08 16:43
2008-05-08 09:45 . 2008-05-08 09:45
2008-05-08 09:45 . 2002-07-11 04:12
2008-05-08 02:40 . 1996-07-15 02:10 21,648 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2008-05-06 18:22 . 2002-07-11 04:12
2008-05-06 18:22 . 1997-07-11 00:00 1,037,312 --a------ C:\WINDOWS\system32\msjet35.dll
2008-05-06 18:22 . 1996-11-08 03:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-05-06 18:22 . 1997-07-11 00:00 251,664 --a------ C:\WINDOWS\system32\msrd2x35.dll
2008-05-06 18:22 . 1997-07-11 00:00 121,104 --a------ C:\WINDOWS\system32\msjint35.dll
2008-05-06 18:22 . 1997-07-11 00:00 24,336 --a------ C:\WINDOWS\system32\msjter35.dll
2008-05-06 05:32 . 2008-05-18 18:59
2008-05-04 12:41 . 2008-04-14 22:50 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-04 12:41 . 2008-04-14 22:50 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-04 12:40 . 2008-05-04 12:40
2008-05-04 12:40 . 2008-05-04 12:41
2008-05-04 12:40 . 2003-07-15 11:25 99,476 --a------ C:\WINDOWS\system32\drivers\STK014W2.sys
2008-05-04 12:40 . 2003-07-11 12:30 40,960 --a------ C:\WINDOWS\system32\STK014P.ax
2008-05-04 12:40 . 2003-07-15 11:25 32,140 --a------ C:\WINDOWS\system32\drivers\STK014W1.sys
2008-05-01 21:29 . 2008-05-01 21:33
2008-04-30 01:34 . 2004-05-12 08:49 1,089,536 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2008-04-25 22:12 . 2008-04-25 22:14
2008-04-25 16:11 . 2002-07-12 07:04
2008-04-25 16:11 . 2002-07-12 07:21
2008-04-25 09:33 . 2008-04-25 09:34 90,112 --a------ C:\WINDOWS\DUMP411f.tmp
2008-04-25 08:58 . 2008-04-25 08:58
2008-04-25 08:58 . 2008-04-25 08:58
2008-04-25 08:58 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-25 08:58 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-25 08:58 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-25 08:58 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-25 08:58 . 2003-03-29 16:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-04-25 08:58 . 2003-09-15 14:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-04-25 08:58 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-25 08:42 . 2008-04-25 08:42
2008-04-25 02:59 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-04-25 02:59 . 2008-04-14 22:50 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-25 02:59 . 2008-04-14 21:29 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll
2008-04-25 02:57 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-25 02:57 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-25 02:56 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005691_.tmp
2008-04-24 04:08 . 2008-04-24 04:08
2008-04-24 04:06 . 2008-04-24 04:06
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 18:14 --------- d-----w C:\Program Files\AutoConnect
2008-05-23 22:31 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Skype
2008-05-19 11:29 --------- d-----w C:\Program Files\Steam
2008-05-18 20:32 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\HLSW
2008-05-17 12:40 --------- d-----w C:\Program Files\Notepad++
2008-05-09 13:03 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-09 12:59 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-09 10:54 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\teamspeak2
2008-04-29 23:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-25 07:05 --------- d-----w C:\Program Files\BitComet
2008-04-22 14:39 --------- d-----w C:\Program Files\Ventrilo
2008-04-22 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 14:39 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Ventrilo
2008-04-22 13:57 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-22 10:28 --------- d-----w C:\Program Files\Robster Productions
2008-04-22 09:40 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Media Player Classic
2008-04-22 08:24 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\ATI
2008-04-22 08:21 --------- d-----w C:\Program Files\ATI Technologies
2008-04-22 05:31 --------- d-----w C:\Program Files\BearShare Pro
2008-04-22 05:24 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-22 05:23 --------- d-----w C:\Program Files\Skype
2008-04-22 05:23 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-22 05:23 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Notepad++
2008-04-22 05:23 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Gadu-Gadu
2008-04-22 05:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-22 05:21 --------- d-s---w C:\Program Files\HLSW
2008-04-22 05:20 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-22 05:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 05:16 --------- d-----w C:\Program Files\WinAmp
2008-04-22 05:16 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Winamp
2008-04-22 05:13 --------- d-----w C:\Program Files\MarBit
2008-04-22 04:44 --------- d-----w C:\Program Files\Thomson
2008-04-22 04:22 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Creative
2008-04-22 04:21 --------- d-----w C:\Program Files\Creative
2008-04-22 04:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-04-22 03:52 558,142 ----a-w C:\WINDOWS\java\Packages\MCQVNRHJ.ZIP
2008-04-22 03:52 155,995 ----a-w C:\WINDOWS\java\Packages\KEXR5B3F.ZIP
2008-04-22 03:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-22 03:49 --------- d-----w C:\Program Files\Usługi online
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:00 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:39 190,976 ------w C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:29 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 16:27 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 22:51 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.YV12"= yv12vfw.dll
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^STK014 PNP Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\STK014 PNP Monitor.lnk
backup=C:\WINDOWS\pss\STK014 PNP Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Komputer^Menu Start^Programy^Autostart^ctfmon.exe]
path=C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2006-05-03 18:45 26112 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-10-04 01:00 28672 C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-02-07 20:01 40960 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Steam\steamapps\sloma90\counter-strike\hl.exe"=
"C:\Program Files\HLSW\hlsw.exe"=
"C:\usr\apache\Apache.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\BitComet\BitComet.exe"=
"C:\Program Files\mIRC\mirc.exe"=
"C:\Program Files\Valve\hl.exe"=
"C:\Program Files\BearShare Pro\Bearshare.exe"=
"C:\Program Files\Valve\hlds.exe"=
"C:\Program Files\Mozilla Firefox\firefox.exe"=
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=
"C:\Program Files\Hamachi\hamachi.exe"=
"C:\WINDOWS\system32\dplaysvr.exe"=
"C:\Program Files\Codemasters\Colin McRae Rally 2\CMR2.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2008-05-17 15:37]
S3 DCamUSBSTK014;STK014 Camera;C:\WINDOWS\system32\DRIVERS\STK014W2.sys [2003-07-15 11:25]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa6870a8-1023-11dd-90ba-000e50d4ecfc}]
\Shell\AutoRun\command - J:\USBNB.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 20:25:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???8??? ??? ???5?7~e?7~???S??????C@?\???\??????s????\??????s\????8?A??s?8??C@?x???
|?w???@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-05-24 20:25:48
ComboFix-quarantined-files.txt 2008-05-24 18:25:41

Pre-Run: 3,925,274,624 bajtów wolnych
Post-Run: 3,912,519,680 bajtów wolnych

329 --- E O F --- 2008-05-16 01:21:12