I have a problem with SystemDefender Security Center!

Hello everyone!

As you already know, I have a problem with SystemDefender, something completely unknown to me and extremely annoying (I'm not sure I phrased that correctly).

The problem is as follows: some time after I turn the computer on, Internet Explorer opens (on its own, I should add, without any action on my part), informing me about some spyware supposedly on my computer and offering some anti-spyware programs, which are useless, because you have to buy them before you can use them… :confused: I should add that I had problems earlier with spyware and various trojans, which all of us are exposed to… :confused: What's more, this annoying window opens exactly every 30 minutes, which drives me crazy!

Please help! I'm waiting…

http://www.system-defender.com/freeware … id=37&p=01 - here I'm also attaching a link to the window that keeps haunting me!

Post a log from -----> ComboFix (further down the linked page).

=============================

K.

Hi, try: Start --> Run --> type: msconfig

go to the Startup tab and disable it there; one of the processes is probably responsible for this. If you don't know which one, post a screenshot and I'll tell you.

ComboFix 08-08-15.04 - xxxx 2008-08-16 14:06:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.607 [GMT 2:00]

Running from: C:\Documents and Settings\xxxx\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\vwsrfton.dll

C:\WINDOWS\wbqxfpgl.dll

.

((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))

.

2008-08-16 11:06 . 2008-08-16 11:06

2008-08-16 11:06 . 2008-08-16 11:06

2008-08-16 00:17 . 2008-08-16 00:18

2008-08-15 16:35 . 2008-08-15 16:58

2008-08-15 14:04 . 2008-08-15 14:05

2008-08-14 13:45 . 2008-08-14 20:19

2008-08-14 13:45 . 2008-08-14 13:45

2008-08-14 13:45 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-14 13:45 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-14 13:45 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-14 13:45 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-08-13 19:12 . 2008-08-15 11:01

2008-08-13 14:29 . 2008-08-13 19:45

2008-08-13 13:16 . 2008-08-13 11:02 86,016 --a------ C:\WINDOWS\ateqoflr.exe

2008-08-12 11:58 . 2008-08-12 11:58

2008-08-12 11:58 . 2008-08-12 11:58

2008-08-12 11:54 . 2008-08-12 11:57

2008-08-12 11:54 . 2008-08-12 11:54

2008-08-11 20:02 . 2008-08-11 20:02

2008-08-11 14:39 . 2008-08-15 20:30

2008-08-11 11:45 . 2008-08-13 19:50

2008-08-11 11:14 . 2008-08-12 20:41

2008-08-11 11:13 . 2008-08-13 19:50

2008-08-10 12:43 . 2008-08-16 13:51

2008-08-10 12:42 . 2008-08-10 12:42

2008-08-10 12:42 . 2008-08-10 12:42

2008-08-10 11:31 . 2008-08-10 11:31

2008-08-10 11:23 . 2008-08-10 11:23

2008-08-09 12:43 . 2008-08-09 12:43

2008-08-07 13:09 . 2008-08-07 13:09

2008-08-07 12:35 . 2008-08-07 12:35 1,289 --a------ C:\WINDOWS\system32\ff_libfaad2.dll

2008-08-07 12:34 . 2008-08-07 12:34 1,288 --a------ C:\WINDOWS\system32\CoreAVCDecoder.ax

2008-08-07 12:06 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-08-05 21:13 . 2008-08-05 21:13

2008-08-05 19:10 . 2008-08-05 19:12 5,368 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-08-03 23:49 . 2008-08-03 23:49

2008-08-03 23:46 . 2008-08-03 23:48

2008-08-02 10:06 . 2008-08-02 10:06 714 --a------ C:\WINDOWS\unins000.dat

2008-08-01 18:54 . 2008-08-01 18:54

2008-08-01 12:50 . 2008-08-14 15:25

2008-08-01 12:50 . 2008-08-01 12:50

2008-07-31 22:43 . 2008-07-31 22:43

2008-07-30 11:13 . 2008-07-30 11:49

2008-07-29 10:30 . 2008-08-05 19:12 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-07-29 10:30 . 2008-08-05 19:12 71,033 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-07-29 10:29 . 2008-08-05 19:10

2008-07-28 00:16 . 2008-07-28 00:16

2008-07-28 00:04 . 2008-07-28 00:04

2008-07-27 10:46 . 2008-07-27 10:46 221 --a------ C:\WINDOWS\NCLogConfig.ini

2008-07-26 21:08 . 2008-07-26 21:08

2008-07-26 21:07 . 2008-08-06 11:52

2008-07-26 20:54 . 2008-07-26 21:04

2008-07-26 20:51 . 2008-08-14 19:42

2008-07-26 20:50 . 2008-08-16 14:06

2008-07-26 20:50 . 2008-07-26 20:50

2008-07-26 20:50 . 2008-07-16 04:45

2008-07-26 20:50 . 2008-08-15 17:04

2008-07-26 20:50 . 2008-08-15 16:59

2008-07-26 20:50 . 2008-07-26 21:07

2008-07-26 20:50 . 2008-08-15 16:32

2008-07-26 20:50 . 2008-08-15 16:35

2008-07-26 20:50 . 2008-08-14 10:15

2008-07-25 17:29 . 2008-07-25 17:29 2,495,290 --a------ C:\WINDOWS\system32\ds.wav

2008-07-22 13:27 . 2008-07-22 13:27

2008-07-22 13:27 . 2008-07-22 13:27 23 --a------ C:\WINDOWS\system32\accdf8_z.ocx

2008-07-22 01:31 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-07-22 01:19 . 2008-08-12 11:59

2008-07-21 13:40 . 2008-07-22 01:29

2008-07-21 00:00 . 2008-07-21 00:00

2008-07-20 20:33 . 2008-07-20 21:36 50 --a------ C:\WINDOWS\MegaManager.INI

2008-07-20 20:18 . 2008-07-20 20:18

2008-07-20 19:31 . 2008-07-20 19:31

2008-07-20 09:57 . 2008-07-20 09:58

2008-07-19 16:18 . 2008-04-14 22:50 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-07-19 16:18 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-07-18 18:30 . 2008-08-10 11:32

2008-07-18 12:48 . 2008-07-18 12:54

2008-07-18 10:44 . 2008-07-19 16:43

2008-07-17 23:36 . 2008-07-17 23:36

2008-07-16 17:58 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-16 17:58 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-16 17:24 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-07-16 14:30 . 2008-08-16 11:18

2008-07-16 14:30 . 2008-07-16 14:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-07-16 14:22 . 2008-08-10 12:42

2008-07-16 13:31 . 2008-07-27 10:46

2008-07-16 13:31 . 2006-04-12 12:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-07-16 13:31 . 2006-04-12 12:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-07-16 13:30 . 2008-08-16 00:29

2008-07-16 13:25 . 2008-07-16 13:25

2008-07-16 13:24 . 2008-07-16 13:24

2008-07-16 13:23 . 2008-07-16 13:23

2008-07-16 13:23 . 2008-07-16 13:23

2008-07-16 13:21 . 2008-07-16 13:32 120,185 --a------ C:\WINDOWS\hpoins11.dat

2008-07-16 13:19 . 2008-07-16 13:19

2008-07-16 13:18 . 2008-08-06 19:45

2008-07-16 13:14 . 2008-08-01 12:16

2008-07-16 13:00 . 2006-01-03 19:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll

2008-07-16 13:00 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll

2008-07-16 13:00 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-07-16 13:00 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-07-16 12:59 . 2008-07-16 12:59

2008-07-16 12:59 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-16 12:59 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-07-16 12:59 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-07-16 12:59 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-07-16 12:59 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-07-16 12:59 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-07-16 12:59 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-07-16 12:58 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-07-16 12:58 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-07-16 12:48 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-16 12:42 . 2008-07-16 12:42

2008-07-16 12:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-16 12:39 . 2008-07-16 12:39

2008-07-16 12:24 . 2008-07-16 12:24 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-16 11:49 . 2008-07-16 11:49

2008-07-16 11:18 . 2008-07-16 11:18 16 --a------ C:\WINDOWS\system32\coh.cache

2008-07-16 08:31 . 2008-07-16 11:21

2008-07-16 08:30 . 2008-07-16 11:21

2008-07-16 06:43 . 2008-07-16 06:43 4,444 --a------ C:\WINDOWS\system32\pid.PNF

2008-07-16 06:43 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-07-16 06:42 . 2008-04-14 23:35 58,880 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-07-16 06:42 . 2008-04-15 00:50 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-07-16 06:41 . 2008-04-15 00:50 77,312 --a------ C:\WINDOWS\system32\usbui.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 08:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-07-25 13:46 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-07-25 09:34 15,600 ----a-w C:\WINDOWS\gdrv.sys

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-20 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-16 02:57 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-16 02:57 --------- d-----w C:\Program Files\Realtek

2008-07-16 02:57 --------- d-----w C:\Program Files\DIFX

2008-07-16 02:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-16 02:54 --------- d-----w C:\Program Files\Yahoo!

2008-07-16 02:54 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\InstallShield

2008-07-16 02:48 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-16 02:47 --------- d-----w C:\Program Files\Usługi online

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

.

------- Sigcheck -------

2008-04-23 09:20 826368 e1c03d3bba5fed8c37df83a57890978d C:\WINDOWS\SoftwareDistribution\Download\4dae9b80f58747655fdf525a02067be3\SP2GDR\wininet.dll

2008-04-23 06:21 827392 dfbdc6023a541f5a9558336fec15c75a C:\WINDOWS\SoftwareDistribution\Download\4dae9b80f58747655fdf525a02067be3\SP2QFE\wininet.dll

2008-06-23 18:42 826368 15c09e8a74a0988fb2f24eff9d68d886 C:\WINDOWS\SoftwareDistribution\Download\ab9d78b03b368d8b59723db13556e0cc\SP2GDR\wininet.dll

2008-06-23 17:41 827904 e02939ebf940d5eb274903f58154dc56 C:\WINDOWS\SoftwareDistribution\Download\ab9d78b03b368d8b59723db13556e0cc\SP2QFE\wininet.dll

2008-04-25 16:08 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\wininet.dll

2008-04-25 16:08 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\dllcache\wininet.dll

2008-04-15 00:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe

2008-04-15 00:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\system32\dllcache\explorer.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]

"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]

"Odkurzacz-MCD"="D:\Program Files\Odku\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 22:51 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20 6803456]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20 86016]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"WinampAgent"="D:\Winamp\winampa.exe" [2008-07-09 23:33 36352]

"HP Software Update"="D:\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"WebAccelerator"="C:\Program Files\Web Accelerator\webxl.exe" [2005-08-27 05:16 98304]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2005-06-15 11:20 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:51 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

C:\Documents and Settings\xxxx\Menu Start\Programy\Autostart\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - D:\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"D:\Digital Imaging\bin\hpqtra08.exe"=

"D:\Digital Imaging\bin\hpqste08.exe"=

"D:\Digital Imaging\bin\hpofxm08.exe"=

"D:\Digital Imaging\bin\hposfx08.exe"=

"D:\Digital Imaging\bin\hposid01.exe"=

"D:\Digital Imaging\bin\hpqscnvw.exe"=

"D:\Digital Imaging\bin\hpqkygrp.exe"=

"D:\Digital Imaging\bin\hpqCopy.exe"=

"D:\Digital Imaging\bin\hpfccopy.exe"=

"D:\Digital Imaging\bin\hpzwiz01.exe"=

"D:\Digital Imaging\bin\hpoews01.exe"=

"D:\Digital Imaging\bin\hpqnrs08.exe"=

"C:\Program Files\Ares\Ares.exe"=

"D:\Program Files\BearShare\BearShare.exe"=

"D:\Gadu-Gadu\gg.exe"=

"C:\Program Files\Bonjour\mDNSResponder.exe"=

"C:\Program Files\BitComet\BitComet.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10598:TCP"= 10598:TCP:BitComet 10598 TCP

"10598:UDP"= 10598:UDP:BitComet 10598 UDP

"21958:TCP"= 21958:TCP:BitComet 21958 TCP

"21958:UDP"= 21958:UDP:BitComet 21958 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 21:38]

S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 11:58]

*Newly Created Service* - CATCHME

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\xxxx\Dane aplikacji\Mozilla\Firefox\Profiles\dhxzle6t.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/

FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-16 14:07:01

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-16 14:07:41

ComboFix-quarantined-files.txt 2008-08-16 12:07:29

Pre-Run: 40,999,002,112 bajtów wolnych

Post-Run: 40,999,985,152 bajtów wolnych

279 --- E O F --- 2008-08-16 11:04:25

And what next?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:36:57, on 2008-08-16

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

D:\Winamp\winampa.exe

D:\HP Software Update\HPWuSchd2.exe

C:\Program Files\Web Accelerator\webxl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [HP Software Update] D:\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WebAccelerator] "C:\Program Files\Web Accelerator\webxl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [Odkurzacz-MCD] D:\Program Files\Odku\Odkurzacz\odk_mcd.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

End of file - 8681 bytes
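For anyone reading this thread later, here is an added example (not code from the thread, ComboFix or HijackThis) that triages the two things the ComboFix log above makes visible: randomly named binaries dropped straight into C:\WINDOWS, and Security Center alerting switched off through registry values or by disabling the wscsvc service in msconfig. The allowlist, the eight-lowercase-letter rule and the sample lines are assumptions constructed from the log, not rules from either tool.

```python
r"""Triage heuristics for ComboFix-style logs like the one posted above.

Added example, not part of the thread and not ComboFix's or HijackThis's
own logic.  Both heuristics are assumptions drawn from the entries visible
in the log: (1) eight-letter lowercase .dll/.exe files sitting directly in
C:\WINDOWS, (2) Security Center alerting switched off via registry values
or by disabling the wscsvc service in msconfig.
"""
import re

# Assumed allowlist: legitimate 8-letter lowercase binaries that do live in
# the C:\WINDOWS root and must not be flagged.
KNOWN_ROOT_BINARIES = {"explorer", "notepad", "regedit"}

ROOT_BINARY = re.compile(r"(?P<path>C:\\WINDOWS\\(?P<name>[a-z]{8})\.(?:dll|exe))\s*$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', re.IGNORECASE)
MSCONFIG_SVC = re.compile(r'^"(?P<name>[^"]+)"=(?P<start>\d) \(0x[0-9a-f]+\)$')

# Constructed sample: a handful of lines copied from the log above, with the
# extraction artefacts (smart quotes, blank lines) removed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\vwsrfton.dll
C:\WINDOWS\wbqxfpgl.dll
2008-08-13 13:16 . 2008-08-13 11:02 86,016 --a------ C:\WINDOWS\ateqoflr.exe
2008-07-16 02:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-15 00:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""


def triage(log_text):
    """Return a list of (category, detail) findings for suspicious entries."""
    findings = []
    key = ""  # registry key that the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = REG_KEY.match(line)
        if m:
            key = m.group("key").lower()
            continue
        # A file entry anywhere in the log (deletions, created files, sigcheck).
        m = ROOT_BINARY.search(line)
        if m and m.group("name") not in KNOWN_ROOT_BINARIES:
            findings.append(("random-name binary in %WINDIR%", m.group("path")))
            continue
        if "security center" in key:
            # Any non-zero *DisableNotify / DisableMonitoring value hides alerts.
            m = REG_DWORD.match(line)
            if m and int(m.group("val"), 16) != 0:
                findings.append(("security center alerting disabled", m.group("name")))
        elif key.endswith("msconfig\\services"):
            # ComboFix lists services unticked in msconfig; wscsvc is Security Center.
            m = MSCONFIG_SVC.match(line)
            if m and m.group("name").lower() == "wscsvc":
                findings.append(("security center service disabled via msconfig", m.group("name")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```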

Yes! Finally! I've sorted it out!! The window is gone, and I hope it won't be back! :stuck_out_tongue: Many thanks for the help! :slight_smile: