HijackThis log


(Rafal F19) #1

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:49, on 2008-12-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\Java\j2re1.4.2_15\bin\jucheck.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Tlen.pl\tlen.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU..\Run: [Komunikator] D:\Tlen.pl\tlen.exe

O4 - HKCU..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe

O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll

O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 5610 bytes

And now the question: which entries should I remove? I'm pasting the log because I can't open the drive... :confused:


(Olixxx94) #2

Fix in HijackThis. Post a log from ComboFix.


(Rafal F19) #3

ComboFix 08-12-17.01 - Rafał 2008-12-18 20:54:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.510.184 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Rafał\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\documents and settings\Rafa\Ustawienia lokalne\Temporary Internet Files\

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll

c:\program files\myglobalsearch

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL

c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

c:\program files\myglobalsearch\bar\Cache\0004F374

c:\program files\myglobalsearch\bar\Cache\007C040C.bin

c:\program files\myglobalsearch\bar\Cache\007C060F.bin

c:\program files\myglobalsearch\bar\Cache\007C07C5.bin

c:\program files\myglobalsearch\bar\Cache\files.ini

c:\program files\myglobalsearch\bar\History\search

c:\program files\myglobalsearch\bar\Settings\prevcfg.htm

c:\program files\SAV

c:\windows\system32\AutoRun.inf

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

D:\Autorun.inf

.

((((((((((((((((((((((((( Pliki utworzone od 2008-11-18 do 2008-12-18 )))))))))))))))))))))))))))))))

.

2008-12-18 19:27 . 2008-12-18 19:27

2008-12-18 17:02 . 2008-12-18 17:02

2008-12-10 21:07 . 2007-07-18 18:47 290,816 --a------ C:\d3d9.dll

2008-12-10 17:08 . 2008-11-21 22:47 120,056 --------- c:\windows\system32\pxcpyi64.exe

2008-12-10 17:07 . 2008-12-10 17:08

2008-12-09 14:03 . 2008-12-09 14:03

2008-12-09 14:03 . 2008-12-09 14:03 9,836 --a------ c:\windows\system32\ealregsnapshot1.reg

2008-12-06 03:02 . 2008-12-06 03:02

2008-12-06 03:02 . 2008-12-16 21:09

2008-12-06 01:06 . 2005-10-19 18:19 1,327,189 --a------ c:\windows\system32\odSupp_M.dll

2008-12-06 01:06 . 2006-12-18 12:35 675,840 --a------ c:\windows\system32\ANIWZCS2.dll

2008-12-06 01:06 . 2006-12-22 18:44 245,760 --a------ c:\windows\system32\wnicapi.dll

2008-12-06 01:06 . 2006-08-28 18:38 241,664 --------- c:\windows\system32\wlanapi.dll

2008-12-06 01:06 . 2006-11-27 18:12 196,608 --a------ c:\windows\system32\WlanApp.dll

2008-12-06 01:06 . 2006-04-07 14:40 184,320 --a------ c:\windows\system32\aIPH.dll

2008-12-06 01:06 . 2005-10-27 08:55 49,152 --a------ c:\windows\system32\JJAKEn.dll

2008-12-06 01:06 . 2005-10-19 18:19 49,152 --a------ c:\windows\system32\AQCKGen.dll

2008-12-06 01:06 . 2006-09-26 13:49 45,115 --a------ c:\windows\system32\ANICtl.dll

2008-12-06 01:06 . 2008-12-18 20:41 6 --a------ c:\windows\system32\ANIWZCSUSERNAME{70AA1AA2-181F-426F-B963-735B57EFA808}

2008-12-06 01:05 . 2008-12-06 01:06

2008-12-01 21:58 . 2008-12-05 23:52 6 --a------ c:\windows\system32\ANIWZCSUSERNAME{C5E38AFE-7B13-45BC-9772-E3E9AA481655}

2008-12-01 20:25 . 2008-12-01 21:40 6 --a------ c:\windows\system32\ANIWZCSUSERNAME{DC685AE8-CC1D-4EB9-9022-79C1AEAE2D97}

2008-12-01 17:46 . 2008-12-01 18:25 6 --a------ c:\windows\system32\ANIWZCSUSERNAME{9434EF20-F961-45D8-8C4D-10F54F4F635C}

2008-11-30 19:13 . 2008-11-30 19:13

2008-11-25 17:59 . 2008-12-01 17:39 46 --a------ c:\windows\adiras.ini

2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe

2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb

2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll

2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll

2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-18 15:05 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-18 15:05 103,736 ----a-w c:\windows\system32\PnkBstrB.exe

2008-12-11 12:23 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2008-12-10 20:48 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2008-12-09 13:03 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-09 13:03 --------- d-----w c:\program files\Electronic Arts

2008-12-06 16:54 --------- d-----w c:\program files\Gadu-Gadu

2008-12-06 16:28 --------- d-----w c:\program files\EA SPORTS

2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll

2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe

2008-11-16 17:40 --------- d-----w c:\program files\D-Link

2008-11-12 18:36 682,280 ----a-w c:\windows\system32\pbsvc.exe

2008-11-12 18:13 --------- d-----w c:\program files\Activision

2008-11-09 23:29 --------- d-----w c:\program files\White line for wheels F-1Mania MOD

2008-11-09 21:00 --------- d-----w c:\program files\F-1Mania 2008 Normal physics for v3.8

2008-09-18 21:33 444,952 ----a-w c:\windows\system32\wrap_oal.dll

2008-09-18 21:33 109,080 ----a-w c:\windows\system32\OpenAL32.dll

2008-09-18 21:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Komunikator"="d:\tlen.pl\tlen.exe" [2008-01-15 6290944]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_15\bin\jusched.exe" [2007-05-22 32881]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\WINDOWS\system32\PnkBstrA.exe"=

"c:\WINDOWS\system32\PnkBstrB.exe"=

"d:\Program Files\Codemasters\GRID\GRID.exe"=

"c:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"=

"c:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"=

"d:\Tlen.pl\tlen.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\BearShare\BearShare.exe"=

"d:\Program Files\EA SPORTS\F-1 Mania 2008\F1 Challenge 2008.exe"=

"c:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"=

"c:\Program Files\Electronic Arts\EADM\Core.exe"=

R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-09-17 2560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0095cfaf-6528-11dc-bf41-806d6172696f}]

\Shell\AutoRun\command - F:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{026d8389-df14-11dc-a33d-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{026d838a-df14-11dc-a33d-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{02be7d89-eba8-11dc-a598-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{02be7d8a-eba8-11dc-a598-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0aced02f-eeb2-11dc-97e7-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0aced030-eeb2-11dc-97e7-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{10787609-67b5-11dc-8172-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1e81652f-7288-11dc-a476-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2126b189-99db-11dc-b68e-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{23b919d5-5a5e-11dc-8926-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{26749009-e92a-11dc-a5eb-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2674900a-e92a-11dc-a5eb-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3f027009-e79b-11dc-9fa8-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3f02700a-e79b-11dc-9fa8-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{42c2942f-8a36-11dc-9e63-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{474da489-b25a-11dc-87b8-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{48c948af-b2f4-11dc-9850-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{580ac089-99f7-11dc-8691-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5a521f63-1391-11dd-b796-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5a521f64-1391-11dd-b796-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{65753c8a-594a-11dc-b393-0017315a2514}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6ddf4faf-7054-11dc-9252-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6ec03655-5a38-11dc-bf11-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{797f3725-841d-11dd-aae4-0017315a2514}]

\Shell\AutoRun\command - H:\xih9.cmd

\Shell\explore\Command - H:\xih9.cmd

\Shell\open\Command - H:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{845b4209-7bec-11dc-94ad-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9c9a05af-eed1-11dc-97ec-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9c9a05b0-eed1-11dc-97ec-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a61efb63-20e9-11dd-923f-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a61efb64-20e9-11dd-923f-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a6afd8e3-1916-11dd-9bc1-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a6afd8e4-1916-11dd-9bc1-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a9003f89-e897-11dc-b328-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a9003f8a-e897-11dc-b328-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b21b082e-5a34-11dc-a3a1-806d6172696f}]

\Shell\AutoRun\command - e:\setup\rsrc\autorun.exe

\Shell\dinstall\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b21b082f-5a34-11dc-a3a1-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b27829e3-136f-11dd-a09c-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b27829e4-136f-11dd-a09c-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b887bc2f-5bbb-11dc-b94d-806d6172696f}]

\Shell\AutoRun\command - F:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{be7ee42f-e77d-11dc-b857-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{be7ee430-e77d-11dc-b857-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c2879989-f323-11dc-9386-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c287998a-f323-11dc-9386-806d6172696f}]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c97ee8af-653e-11dc-985a-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ec02ac89-c675-11dc-8540-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{faa85d2f-9e8d-11dc-a829-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - PROCEXP90

.

.

------- Skan uzupełniający -------

.

IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\q6uu9qf3.default\

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava14.dll

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJPI142_15.dll

FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll

FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-18 20:56:53

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-12-18 20:58:28

ComboFix-quarantined-files.txt 2008-12-18 19:57:32

Przed: 11,143,585,792 bajtów wolnych

Po: 13,267,333,120 bajtów wolnych

256


(Rafal F19) #4

OK, the problem with opening the drives is gone :smiley:


(Leon$) #5

Disinfect the pendrive or memory card http://www.softpedia.com/get/Security/S ... Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s ... ntry369724

or format it

Open Notepad and paste

save it as plik.reg >> All Files

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

double-click it, confirm that you want to add it to the registry, then restart

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

optimize startup

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area http://www.kaspersky.pl/virusscanner.html and if there are viruses, show the report

:slight_smile:


(JNJN) #6

Please change the thread title to something specific: use the EDIT option and correct it. JNJN

Read:

viewtopic.php?f=16&t=253052