Prosba o zerkniecie na log HiJackThis

Dla specjalistów Bezpieczeństwo
#1

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:37:04, on 2008-12-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ggao.hit.gemius.pl/hitredir/id=. … index.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: {fca836a6-da7f-bc3b-92c4-080f983ae6a5} - {5a6ea389-f080-4c29-b3cb-f7ad6a638acf} - C:\WINDOWS\system32\kqxtmu.dll

O2 - BHO: (no name) - {EFFA6938-5F7E-46F6-A637-C094CEE26689} - C:\WINDOWS\system32\ljJbcbAP.dll (file missing)

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [PhoneDaemon] C:\Documents and Settings\Rafal\Pulpit\iPhone PC Suite\PhoneDaemon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: ,C:\WINDOWS\system32\bofofevu.dll kqxtmu.dll

O20 - Winlogon Notify: ljJcbCRL - ljJcbCRL.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

End of file - 5024 bytes

#2

Wpisy skasuj w HJT

Daj log z Combofix

#3

ComboFix 08-12-26.03 - Rafal 2008-12-27 14:05:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1919.1395 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Rafal\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\svhost.exe

c:\windows\system32\cbXQhGvT.dll

c:\windows\system32\efqhbavc.dll

c:\windows\system32\hjnnvf.dll

c:\windows\system32\koiwfjfe.dll

c:\windows\system32\kqxtmu.dll

c:\windows\system32\mcrh.tmp

c:\windows\system32\rqRLcBro.dll

c:\windows\system32\utdwtq.dll

c:\windows\system32\wvUlmlMd.dll

c:\windows\system32\xanjfz.dll

c:\windows\system32\xuooet.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2008-11-27 do 2008-12-27 )))))))))))))))))))))))))))))))

.

2008-12-27 12:55 . 2008-12-27 12:55

2008-12-27 12:18 . 2008-12-27 12:18

2008-12-26 14:35 . 2008-12-26 14:35

2008-12-26 12:32 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-26 12:31 . 2008-12-26 12:31

2008-12-26 12:29 . 2008-12-26 12:31

2008-12-26 12:29 . 2008-12-26 12:29

2008-12-26 12:29 . 2008-12-26 12:29

2008-12-26 12:28 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2008-12-26 12:28 . 2008-07-06 13:06 1,676,288 -----c— c:\windows\system32\dllcache\xpssvcs.dll

2008-12-26 12:28 . 2008-07-06 11:50 597,504 -----c— c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2008-12-26 12:28 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2008-12-26 12:28 . 2008-07-06 13:06 575,488 -----c— c:\windows\system32\dllcache\xpsshhdr.dll

2008-12-26 12:28 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll

2008-12-26 12:28 . 2008-07-06 13:06 89,088 -----c— c:\windows\system32\dllcache\filterpipelineprintproc.dll

2008-12-26 12:25 . 2008-12-26 12:25

2008-12-24 21:53 . 2008-12-24 21:53

2008-12-23 22:16 . 2008-12-23 22:16

2008-12-23 21:23 . 2008-12-23 21:23

2008-12-23 21:23 . 2008-12-23 21:24

2008-12-23 21:22 . 2008-12-23 21:22

2008-12-23 20:32 . 2008-12-23 20:47

2008-12-23 20:32 . 2008-12-23 20:37

2008-12-23 20:19 . 2008-12-23 20:19

2008-12-22 22:07 . 2008-12-22 22:07 103,936 --a------ c:\windows\system32\ueevduaf.dll

2008-12-22 16:41 . 2008-12-22 16:41 103,936 --a------ c:\windows\system32\tmkmbnfc.dll

2008-12-22 16:39 . 2008-12-22 16:39 68,096 --------- c:\windows\system32\mucwnsev.dll

2008-12-22 13:22 . 2008-12-27 11:58

2008-12-22 13:22 . 2008-12-22 13:22 56 --ah----- c:\windows\system32\ezsidmv.dat

2008-12-22 13:20 . 2008-12-22 13:20

2008-12-22 13:20 . 2008-12-22 13:20

2008-12-22 13:20 . 2008-12-27 14:08

2008-12-22 13:19 . 2008-12-22 13:20

2008-12-21 16:05 . 2008-12-21 16:05

2008-12-21 16:04 . 2008-12-21 16:04

2008-12-21 15:49 . 2008-12-21 15:49 67,584 --a------ c:\windows\system32\adeiplac.dll

2008-12-21 15:47 . 2008-12-21 15:47 103,424 --a------ c:\windows\system32\hlrolyjf.dll

2008-12-20 18:40 . 2008-12-24 11:21

2008-12-20 17:44 . 2008-12-20 17:44

2008-12-20 13:49 . 2008-12-20 13:49

2008-12-20 12:34 . 2003-03-29 16:45 89,184 --a------ c:\windows\system32\drivers\imagedrv.sys

2008-12-20 12:34 . 2003-07-22 16:29 57,344 --a------ c:\windows\system32\ImageDrive.cpl

2008-12-20 12:33 . 2008-12-20 12:33

2008-12-20 12:33 . 2008-12-20 12:33

2008-12-20 12:33 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll

2008-12-20 12:33 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll

2008-12-20 12:33 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll

2008-12-20 12:33 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-12-20 12:33 . 2008-12-20 12:33 103,424 --a------ c:\windows\system32\inmlstww.dll

2008-12-20 12:33 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll

2008-12-20 11:52 . 2008-12-20 11:53

2008-12-20 08:54 . 2008-11-12 22:16

2008-12-20 08:54 . 2008-12-20 08:54

2008-12-20 08:54 . 2008-11-12 22:23

2008-12-20 08:54 . 2008-12-27 14:02

2008-12-20 08:54 . 2008-12-26 14:49

2008-12-20 08:54 . 2008-12-20 18:40

2008-12-20 08:54 . 2008-12-20 08:54

2008-12-20 08:54 . 2008-12-26 14:35

2008-12-20 08:54 . 2008-12-27 03:13

2008-12-19 22:16 . 2008-12-19 22:16

2008-12-19 19:30 . 2008-12-19 19:30

2008-12-19 19:30 . 2008-12-19 19:30

2008-12-19 19:30 . 2005-08-11 15:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl

2008-12-19 17:00 . 2008-12-19 17:01

2008-12-19 16:41 . 2008-12-19 16:43

2008-12-19 12:28 . 2008-12-19 12:28

2008-12-01 19:40 . 2008-12-01 19:40

2008-12-01 19:35 . 2008-12-01 19:35

2008-12-01 19:35 . 2008-05-22 23:22 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-12-01 19:35 . 2008-07-04 07:34 860,160 --a------ c:\windows\system32\lameACM.acm

2008-12-01 19:35 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll

2008-12-01 19:35 . 2008-05-31 00:22 683,520 --a------ c:\windows\system32\divx.dll

2008-12-01 19:35 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2008-12-01 19:35 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll

2008-12-01 19:35 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll

2008-12-01 19:35 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2008-12-01 19:35 . 2008-05-22 23:19 81,920 --a------ c:\windows\system32\dpl100.dll

2008-12-01 19:35 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-12-01 19:35 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-12-01 19:35 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml

2008-11-28 18:37 . 2008-11-28 18:37

2008-11-28 18:27 . 2008-11-28 18:27

2008-11-28 18:26 . 2008-11-28 18:26 54,156 --ah----- c:\windows\QTFont.qfn

2008-11-28 18:26 . 2008-11-28 18:26 1,409 --a------ c:\windows\QTFont.for

2008-11-28 18:24 . 2006-09-05 18:57 90,800 -ra------ c:\windows\system32\drivers\se58unic.sys

2008-11-28 18:24 . 2006-09-05 19:00 88,624 -ra------ c:\windows\system32\drivers\se58mgmt.sys

2008-11-28 18:24 . 2006-09-05 19:00 86,432 -ra------ c:\windows\system32\drivers\se58obex.sys

2008-11-28 18:24 . 2006-09-05 18:57 18,704 -ra------ c:\windows\system32\drivers\se58nd5.sys

2008-11-28 18:24 . 2006-09-05 18:57 4,128 -ra------ c:\windows\system32\drivers\se58cr.sys

2008-11-28 18:23 . 2006-09-05 18:59 97,088 -ra------ c:\windows\system32\drivers\se58mdm.sys

2008-11-28 18:23 . 2006-09-05 18:58 61,536 -ra------ c:\windows\system32\drivers\se58bus.sys

2008-11-28 18:23 . 2006-09-05 18:59 9,360 -ra------ c:\windows\system32\drivers\se58mdfl.sys

2008-11-28 18:23 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cmnt.sys

2008-11-28 18:23 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cm.sys

2008-11-28 18:23 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58whnt.sys

2008-11-28 18:23 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58wh.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-27 00:15 --------- d-----w c:\program files\Wanadoo

2008-12-20 12:48 --------- d-----w c:\documents and settings\Rafal\Dane aplikacji\Apple Computer

2008-12-19 18:30 --------- d–h--w c:\program files\InstallShield Installation Information

2008-12-19 18:30 --------- d-----w c:\program files\Common Files\InstallShield

2008-11-17 21:05 --------- d-----w c:\program files\OrangeBS

2008-11-17 21:04 --------- d-----w c:\program files\Common Files\France Telecom

2008-11-16 18:15 --------- d-----w c:\program files\Mp3tag

2008-11-14 22:30 --------- d-----w c:\program files\iTunes

2008-11-14 22:30 --------- d-----w c:\program files\iPod

2008-11-14 22:30 --------- d-----w c:\program files\Bonjour

2008-11-14 22:30 --------- d-----w c:\documents and settings\All Users\Dane aplikacji{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-14 22:29 --------- d-----w c:\program files\QuickTime

2008-11-14 22:29 --------- d-----w c:\program files\Common Files\Apple

2008-11-14 22:28 --------- d-----w c:\program files\Apple Software Update

2008-11-14 22:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer

2008-11-14 22:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple

2008-11-14 14:40 --------- d-----w c:\program files\Common Files\Adobe

2008-11-14 14:30 315,392 ----a-w c:\windows\HideWin.exe

2008-11-14 14:30 --------- d-----w c:\program files\Realtek

2008-11-14 14:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2008-11-14 14:26 --------- d-----w c:\program files\ATI Technologies

2008-11-13 19:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\MSN6

2008-11-12 22:25 --------- d-----w c:\program files\foobar2000

2008-11-12 22:02 23 ----a-w c:\windows\system32\drivers\adidsl.cfg

2008-11-12 22:02 --------- d-----w c:\program files\SAGEM

2008-11-12 22:01 --------- d-----w c:\program files\JavaSoft

2008-11-12 21:28 --------- d-----w c:\program files\microsoft frontpage

2008-11-12 21:24 --------- d-----w c:\program files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2004-08-04 15360]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“WOOWATCH”=“c:\progra~1\Wanadoo\Watch.exe” [2002-12-09 20480]

“WOOTASKBARICON”=“c:\progra~1\Wanadoo\TaskbarIcon.exe” [2002-12-09 45056]

“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112]

“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]

“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2008-10-01 289576]

“NeroCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]

“RTHDCPL”=“RTHDCPL.EXE” [2007-05-28 c:\windows\RTHDCPL.exe]

“AGRSMMSG”=“AGRSMMSG.exe” [2006-06-29 c:\windows\AGRSMMSG.exe]

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-12 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Bonjour\mDNSResponder.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“c:\Program Files\Wanadoo\TaskBarIcon.exe”=

“c:\Program Files\iTunes\iTunes.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-09-28 14336]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-11-17 95744]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-11-17 51968]

S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2008-11-17 8064]

.

Zawartość folderu ‘Zaplanowane zadania’

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

        • USUNIĘTO PUSTE WPISY - - - -

BHO-{EFFA6938-5F7E-46F6-A637-C094CEE26689} - c:\windows\system32\ljJbcbAP.dll

HKCU-Run-PhoneDaemon - c:\documents and settings\Rafal\Pulpit\iPhone PC Suite\PhoneDaemon.exe

.

------- Skan uzupełniający -------

.

uInternet Connection Wizard,ShellNext = hxxp://ggao.hit.gemius.pl/hitredir/id=. … index.html

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - c:\documents and settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\nahgfxts.default\

FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1_03\bin\NPJava11.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1_03\bin\NPJava12.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1_03\bin\NPJava131_03.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1_03\bin\NPJava32.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1_03\bin\NPOJI600.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 14:07:55

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • > ‘winlogon.exe’(776)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\rundll32.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-27 14:09:27 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-12-27 13:09:25

Przed: 1 327 353 856 bajtów wolnych

Po: 1,269,600,256 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /fastdetect /NoExecute=OptIn

257 — E O F — 2008-11-12 22:27:52

#4

carev_92 ,

Proszę zapoznać się z tematem Ważny komunikat dotyczący tytułowania tematów i poprawić tytuł na konkretny, dokładnie też proszę opisać problem. W celu dokonania zaleconej korekty - proszę użyć przycisku ac7a4cd89050aa6e.gif

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.

W związku ze zmianą, jaka obowiązuje przy wklejaniu logów - przeczytaj i zastosuj się do Tematu