Prośba o sprawdzenie loga


(Crazolqa3) #1

samoczynne restarty kompa,ciągle błędy explorera,znikający pasek zadań,problem z właczeniem aktualizacji automatycznych systemu,ogólnie coś niedobrego siedzi w systemie,podaję log z hijackthis I prosze wielce o jego sprawdzenie [-o<


(pycia14) #2

Log?


(Crazolqa3) #3

przepraszam juz podaje

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:35:40, on 2008-07-03

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WLAN\WConfig\WConfig.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Opera\opera.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {58C592FD-D167-42E0-A70E-61570452C7F3} - C:\WINDOWS\system32\vtUomjHw.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\domview.dll (file missing)

O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - (no file)

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM..\Run: [bM237199a2] "Rundll32.exe" "C:\WINDOWS\system32\nhccatlh.dll",s

O4 - HKLM..\Run: [2042aa3e] "rundll32.exe" "C:\WINDOWS\system32\dwyflytv.dll",b

O4 - HKLM..\Run: [Tweak UI] "RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp

O4 - HKLM..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKLM..\Run: [bearShare] "D:\BearShare\BearShare.exe" /pause

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WConfig.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3800073968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: mlJBRLdd - C:\WINDOWS\

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 7096 bytes


(Spandau) #4

Usuń te wpisy w HJT

Uruchom HijackThis - Do a system scan only - w oknie programu pokaże się log >> zaznacz kratki przy podanych wpisach - klikasz Fix checked

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum

Usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.


(Crazolqa3) #5

ComboFix 08-07-02.5 - AsmaX 2008-07-03 17:08:08.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.69 [GMT 2:00]

Running from: C:\Documents and Settings\AsmaX\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\AsmaX\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\dwyflytv.dll

C:\WINDOWS\system32\nhccatlh.dll

C:\WINDOWS\system32\vtUomjHw.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BM237199a2.txt

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\ddcYPfdC.dll

C:\WINDOWS\system32\dwyflytv.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\vtUomjHw.dll

C:\WINDOWS\system32\vtylfywd.ini

C:\WINDOWS\system32\wHjmoUtv.ini

C:\WINDOWS\system32\wHjmoUtv.ini2

C:\WINDOWS\system32\yftrtenf.ini

.

((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))

.

2008-07-03 14:14 . 2008-07-03 14:14

2008-07-03 14:14 . 2008-07-03 14:14

2008-07-03 14:14 . 2008-07-03 14:14

2008-07-03 14:14 . 2008-07-03 14:14

2008-07-03 14:14 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll

2008-07-03 14:14 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-07-03 14:14 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-07-03 14:14 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-07-03 14:14 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys

2008-07-03 14:02 . 2008-07-03 14:02

2008-07-03 09:39 . 2008-07-03 09:39 11,776 --a------ C:\WINDOWS\KeyGen.exe

2008-07-02 16:17 . 2008-07-02 16:17

2008-07-02 16:17 . 2008-07-02 16:17

2008-07-02 09:59 . 2008-07-02 09:59 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys

2008-07-02 09:59 . 2008-07-02 09:59 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys

2008-07-02 09:47 . 2008-07-02 10:02

2008-07-02 09:47 . 2008-07-02 09:47

2008-07-02 09:41 . 2008-07-02 09:41 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-07-02 08:28 . 2008-07-03 16:49

2008-07-01 18:58 . 2008-07-02 17:37 110,498 --a------ C:\WINDOWS\BM237199a2.xml

2008-07-01 18:52 . 2008-02-07 17:10

2008-07-01 13:12 . 2008-07-01 13:12

2008-06-30 21:53 . 2008-07-01 19:01

2008-06-30 21:36 . 2008-06-30 21:36 17,624 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-06-29 18:38 . 2008-06-29 18:38

2008-06-29 18:33 . 2008-06-30 08:31

2008-06-29 17:25 . 2008-06-29 17:55

2008-06-26 20:25 . 2008-06-26 20:53 1,034 --a------ C:\WINDOWS\VPlayer.INI

2008-06-26 20:24 . 2008-06-26 20:24

2008-06-26 20:20 . 2008-06-30 07:59

2008-06-26 11:03 . 2008-06-26 11:03 538 --a------ C:\WINDOWS\eReg.dat

2008-06-26 09:56 . 1998-01-23 14:15 304,640 --a------ C:\WINDOWS\IsUn0415.exe

2008-06-25 17:28 . 2008-06-25 17:28

2008-06-25 17:22 . 2008-06-25 17:29

2008-06-19 12:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-19 12:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-19 10:22 . 2008-06-19 10:22 32 --a------ C:\WINDOWS\go

2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-06-18 16:32 . 2008-06-18 16:32

2008-06-17 18:41 . 2008-06-17 18:41

2008-06-17 18:24 . 2008-07-02 08:56

2008-06-17 18:24 . 2008-06-17 18:24

2008-06-14 11:30 . 2008-06-14 11:30

2008-06-14 07:46 . 2008-06-14 07:51

2008-06-14 07:46 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-06-13 14:43 . 2008-06-13 14:43

2008-06-13 07:36 . 2008-06-13 07:36

2008-06-12 18:50 . 2008-06-12 18:52

2008-06-12 17:25 . 2008-06-12 17:48

2008-06-12 17:25 . 2008-06-12 17:25

2008-06-12 17:20 . 2008-06-26 09:23

2008-06-12 16:26 . 2001-08-17 21:49 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys

2008-06-12 16:26 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys

2008-06-11 21:10 . 2008-06-11 21:10

2008-06-11 14:42 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-11 14:41 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-11 02:07 . 2008-06-11 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-06-11 02:07 . 2008-06-11 02:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-06-10 22:42 . 2008-07-02 10:46

2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

2008-06-08 13:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-08 12:26 . 2008-06-08 13:19

2008-06-08 12:16 . 2008-06-08 12:16

2008-06-03 16:46 . 2008-06-03 16:46

2008-06-03 16:46 . 2008-06-03 16:52

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-03 14:52 --------- d-----w C:\Program Files\Torrent Master

2008-07-03 12:28 --------- d-----w C:\Program Files\DivX

2008-07-03 12:21 --------- d-----w C:\Program Files\ffdshow

2008-07-03 12:07 --------- d-----w C:\Program Files\Real Alternative

2008-07-03 08:59 --------- d-----w C:\Program Files\Odkurzacz

2008-07-03 08:44 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\Azureus

2008-07-03 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-03 06:28 --------- d-----w C:\Program Files\JetAudio

2008-07-02 07:48 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-01 17:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-01 17:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-06-19 11:56 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-18 14:38 --------- d-----w C:\Program Files\Opera

2008-06-18 14:29 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\Skype

2008-06-16 19:02 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\Tlen.pl

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 05:35 --------- d-----w C:\Program Files\eSkiMoS R2

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-12 16:53 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack

2008-06-02 14:03 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\eSkiMoS R2

2008-05-31 15:14 --------- d-----w C:\Program Files\Skype

2008-05-31 15:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-05-31 15:13 --------- d-----w C:\Program Files\Common Files\Skype

2008-05-28 09:33 --------- d-----w C:\Program Files\DAP Premium

2008-05-28 08:58 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\Symantec

2008-05-24 16:10 --------- d-----w C:\Program Files\Mobile Action

2008-05-24 06:40 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\SecondLife

2008-05-23 14:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus

2008-05-23 14:18 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\COWON

2008-05-23 14:17 --------- d-----w C:\Program Files\Common Files\COWON

2008-05-23 14:12 --------- d-----w C:\Program Files\XP Codec Pack

2008-05-23 14:10 --------- d-----w C:\Program Files\QT Lite

2008-05-23 14:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

2008-05-23 14:04 98,304 ----a-w C:\WINDOWS\system32\qttask.exe

2008-05-23 13:57 --------- d-----w C:\Documents and Settings\AsmaX\Dane aplikacji\Gadu-Gadu

2008-05-23 13:55 --------- d-----w C:\Program Files\Tlen.pl

2008-05-23 13:32 --------- d-----w C:\Program Files\WLAN

2008-05-23 13:28 --------- d-----w C:\Program Files\Analog Devices

2008-05-23 13:07 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-23 13:04 --------- d-----w C:\Program Files\Usługi online

2008-05-23 13:01 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 04:21 827,392 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 20:00 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 22:10 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 22:08 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 22:05 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

2007-11-24 20:46 251,392 ----a-w C:\Program Files\opera\program\plugins\dapop.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]

"BearShare"="D:\BearShare\BearShare.exe" [2008-06-14 08:15 9887744]

"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-05-23 15:32:01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

"msacm.avis"= ff_acm.acm

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\gg.exe"=

"D:\bearshare\BearShare.exe"=

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Tlen.pl\tlen.exe"=

"C:\Program Files\Opera\opera.exe"=

"C:\WINDOWS\system32\sessmgr.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]

R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]

S2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe []

S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-07-02 09:59]

S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-07-02 09:59]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 03:59]

S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 10:28]

.

Contents of the 'Scheduled Tasks' folder

"2008-07-02 20:20:56 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1CC6CDAE-604F-414C-943D-2BBCDFCE0F82}.job"

  • C:\WINDOWS\system32\msfeedssync.exe

"2008-07-03 12:14:46 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"

  • C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe/ScheduleSweep=wrSpySweeperTrialSweep

  • C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex

  • A:\

.

  • ORPHANS REMOVED - - - -

ShellExecuteHooks-{BE7E4CE1-8CBA-44A6-956F-462A667D3286} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-03 17:23:48

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Webroot\Spy Sweeper\ssu.exe

.

**************************************************************************

.

Completion time: 2008-07-03 17:32:33 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-03 15:32:11

Pre-Run: 119,882,567,680 bajtów wolnych

Post-Run: 120,183,648,256 bajt˘w wolnych

286 --- E O F --- 2008-06-22 05:12:37


(huber2t) #6

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\BM237199a2.xml

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link


(Crazolqa3) #7

http://www.wklej.org/id/b5a70ff32f


(Spandau) #8

Log wydaje się czysty.

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar Mój komputer Kaspersky Online Scanner Uruchom pod IE daj raport na forum


(Gutek) #9

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052