I suspect the Vundo Trojan


(Ksysiuw) #1

Various windows with supposed antivirus programs keep popping up. What should I do??


(Lost World) #2

bez_pseudonimu, maybe you could ask what pops up, what message, what the message says, which system, what kind of message :-s

I direct these questions to ksysiuw as well.


(Gutek) #3

Post a log from HJT + Silent - http://forum.dobreprogramy.pl/viewtopic.php?t=36654


(Ksysiuw) #4
Logfile of HijackThis v1.99.1

Scan saved at 20:23:44, on 2007-11-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\windows\system32\spoolsv.exe

C:\windows\system32\RUNDLL32.EXE

C:\windows\RTHDCPL.EXE

C:\WINDOWS\system32\LXSUPMON.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\YourPrivacyGuard\mc.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\windows\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\svchost.exe

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Krzys\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\windows\oprevnpx.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\windows\bonsws.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Transparent] C:\Program Files\TweakNow PowerPack 2006\Transparent.exe 200

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe

O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: ddkret - {AF680DC9-DA21-4CD5-BAEF-0545AF457F78} - C:\windows\ddkret.dll

O21 - SSODL: nopctrl - {1BCBF7DC-8832-441A-A0B9-A84E4550B079} - C:\windows\nopctrl.dll (file missing)

O21 - SSODL: msmdev - {A0FE2168-6D1D-4162-9143-812640BBD1CA} - C:\windows\msmdev.dll (file missing)

O21 - SSODL: msmhost - {27BAEEA8-FA33-4151-B685-3DA5D78E8E56} - C:\windows\msmhost.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
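The helpers in this thread read a HijackThis log by eye: orphaned entries marked "(no file)" or "(file missing)", components registered with "(no name)", DLLs sitting directly in C:\windows instead of a program directory, and autostart commands that pass web URLs. The script below is an added example written for this page (it is not part of the thread and not a tool any poster used) that applies those same triage heuristics to log lines in the HijackThis v1.99 format. The sample lines are copied from the log above; the regexes and the heuristics are my own assumptions about the format and are not an official parser.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# CLSID-bearing entries: O2 BHOs, O3 toolbars, O21 ShellServiceObjectDelayLoad objects.
COM_ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[A-Za-z]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O4 autostart entries from the HKLM/HKCU Run keys.
RUN_ENTRY_RE = re.compile(
    r"^(?P<section>O4) - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# A DLL directly under the Windows folder (not in system32 or a subfolder).
WINDIR_ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str
    name: str
    target: str          # DLL path for COM entries, full command line for O4 entries
    clsid: str = ""
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Turn the recognised log lines into Finding objects (no judgement yet)."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_ENTRY_RE.match(line)
        if m:
            entries.append(Finding(m["section"], m["name"], m["path"], m["clsid"]))
            continue
        m = RUN_ENTRY_RE.match(line)
        if m:
            entries.append(Finding(m["section"], m["name"], m["cmd"]))
    return entries


def triage(log_text):
    """Return only the entries that trip at least one heuristic, with reasons attached."""
    flagged = []
    for e in parse_entries(log_text):
        file_part = e.target.split(" (")[0]   # drop a trailing "(file missing)" annotation
        if any(marker in e.target for marker in MISSING_MARKERS):
            e.reasons.append("orphaned entry: registered file no longer exists")
        if e.name == "(no name)":
            e.reasons.append("component registered without a display name")
        if WINDIR_ROOT_DLL_RE.match(file_part):
            e.reasons.append("DLL lives directly in the Windows folder, not in a program directory")
        if e.section == "O4" and "http://" in e.target.lower():
            e.reasons.append("autostart command carries web URLs as arguments")
        if e.reasons:
            flagged.append(e)
    return flagged


def flagged_names(log_text):
    """Convenience: just the names of the flagged entries, in log order."""
    return [f.name for f in triage(log_text)]


# Constructed sample: lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\windows\oprevnpx.dll
O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\windows\bonsws.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ddkret - {AF680DC9-DA21-4CD5-BAEF-0545AF457F78} - C:\windows\ddkret.dll
O21 - SSODL: nopctrl - {1BCBF7DC-8832-441A-A0B9-A84E4550B079} - C:\windows\nopctrl.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.name:<30} {f.target}")
        for r in f.reasons:
            print(f"       - {r}")
```

On the sample the script flags the orphaned "(no name)" BHO, the three DLLs loaded from the Windows root folder (oprevnpx.dll, bonsws.dll, ddkret.dll), the missing nopctrl.dll, and the "Salestart" autostart with its URL arguments, while the Adobe, avast! and WPDShServiceObj entries pass. The heuristics are a starting point for a reviewer, not a verdict: a legitimate driver-support DLL can also sit in C:\windows, so every hit still needs a look at the file's publisher, size and age before anything is removed.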

(Gutek) #5

First the automated route -

Post a ComboFix log


(Ksysiuw) #6


(Gutek) #7

Paste into Notepad:

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)

- similar to this picture --> 88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).

After the restart, manually delete the folder C: **** Qoobox.

After that, a new log from Combo


(Ksysiuw) #8


(Gutek) #9

Open Notepad and paste this into it:

File >>> Save as >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.


(Ksysiuw) #10

And that's all??


(Arekmalek) #11

post a new log


(Ksysiuw) #12

ComboFix 07-11-19.4 - Krzys 2007-11-27 17:54:27.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.488 [GMT 1:00]

Running from: C:\Documents and Settings\Krzys\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))

.

2007-11-26 21:14

2007-11-24 22:43

2007-11-24 21:04

2007-11-17 10:04

2007-11-16 19:14

2007-11-13 17:31

2007-11-11 19:33

2007-11-11 19:33

2007-11-11 19:20

2007-11-11 18:39

2007-11-10 14:59

2007-11-02 20:35

2007-11-02 13:59

2007-11-02 13:59

2007-11-02 13:59

2007-11-02 10:08

2007-11-02 10:08

2007-11-02 10:07

2007-11-02 10:04

2007-10-28 19:40

2007-10-28 19:30 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl

2007-10-28 19:29

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 15:47 --------- d-----w C:\Program Files\lg_fwupdate

2007-11-17 18:11 --------- d-----w C:\Documents and Settings\Krzys\Dane aplikacji\SiteAdvisor

2007-11-16 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-15 17:16 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\SiteAdvisor

2007-11-03 18:05 98,304 ----a-w C:\windows\system32\CmdLineExt.dll

2007-11-02 09:44 --------- d-----w C:\Program Files\City Interactive

2007-11-02 09:35 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-11-02 09:17 --------- d-----w C:\Program Files\Winamp

2007-11-02 09:15 --------- d-----w C:\Program Files\AtomixMP3

2007-11-01 21:37 --------- d-----w C:\Program Files\Sony Ericsson

2007-11-01 12:39 --------- d-----w C:\Documents and Settings\Krzys\Dane aplikacji\Vso

2007-10-28 18:30 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-10-25 18:04 --------- d-----w C:\Documents and Settings\Krzys\Dane aplikacji\InstallShield

2007-10-20 09:09 --------- d-----w C:\Documents and Settings\Krzys\Dane aplikacji\Azureus

2007-10-20 07:52 --------- d-----w C:\Program Files\BearShare

2007-10-19 17:41 --------- d-----w C:\Program Files\NAPI-PROJEKT

2007-10-19 17:25 --------- d-----w C:\Program Files\MobiRise 3GP Converter Komputer Swiat Edition

2007-10-18 17:32 --------- d-----w C:\Program Files\Winamp Toolbar

2007-10-18 17:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar

2007-10-18 16:05 --------- d-----w C:\Program Files\Universal Interactive

2007-10-17 17:24 --------- d-----w C:\Program Files\Gimnazjum klasa 1 - Planeta Nowa

2007-10-17 17:24 --------- d-----w C:\Program Files\Common Files\YDP

2007-10-17 16:33 --------- d-----w C:\Documents and Settings\Krzys\Dane aplikacji\Hamachi

2007-10-16 15:22 25,544 ----a-w C:\windows\system32\drivers\hamachi.sys

2007-10-11 16:09 --------- d-----w C:\Documents and Settings\Krzys\Dane aplikacji\BearShare

2007-10-08 16:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Last.fm

2007-10-08 16:56 --------- d-----w C:\Program Files\Last.fm

2007-10-06 10:07 --------- d-----w C:\Program Files\DFX

2007-10-06 10:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DFX

2007-10-03 18:59 --------- d-----w C:\Program Files\Gimnazjum - Chemia Nowej Ery 1

2007-10-02 15:00 --------- d-----w C:\Program Files\Mozilla Thunderbird

2007-10-01 18:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Elaborate Bytes

2007-09-06 10:09 801,144 ----a-w C:\windows\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\windows\system32\AvastSS.scr

2007-08-30 13:08 47,104 ----a-w C:\windows\system32\KMVIDC32.DLL

2007-08-01 10:21 47,360 ----a-w C:\Documents and Settings\Krzys\Dane aplikacji\pcouffin.sys

2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 20:40]

"DesktopIconToy"="C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe" []

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-12-09 20:06 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 C:\WINDOWS\RTHDCPL.exe]

"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-07-08 15:49]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-11-02 07:55]

"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"Transparent"="C:\Program Files\TweakNow PowerPack 2006\Transparent.exe" []

"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 16:04]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 16:42]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-23 13:19]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" []

"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-25 21:20:48]

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-10-08 17:56:44]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsHistory"= 0 (0x0)

"MaxRecentDocs"= 11 (0xb)

"NoStartMenuMFUprogramsList"= 0 (0x0)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\windows\system32\DRIVERS\KS-959.sys

S3 Maplom;Maplom;C:\windows\system32\drivers\Maplom.sys

S3 SER120;OTI Serial port driver;C:\windows\system32\DRIVERS\SER120.sys

S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\Krzys\USTAWI~1\Temp\sony_ssm.sys

.

Contents of the 'Scheduled Tasks' folder

"2007-10-15 20:12:01 C:\windows\Tasks\AppleSoftwareUpdate.job"

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 17:56:50

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2007-11-27 17:58:04

C:\ComboFix2.txt ... 2007-11-26 20:59

C:\ComboFix3.txt ... 2007-11-26 20:54

.

--- E O F ---


(Gutek) #13

Should be OK