Thor93
(Odyn93)
30 June 2007 11:59
#1
So:
the computer freezes and closes Gadu-Gadu while I'm playing online games, please help
here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 13:45:07, on 2007-06-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\xerox\wdfmgr-4289651.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\NetPanel\NetPanel.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\1\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetPanel\IEHelper.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~3\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM…\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM…\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM…\Run: [NetPanel] "C:\Program Files\NetPanel\Starter.exe" /path="C:\Program Files\NetPanel"
O4 - HKLM…\Run: [bearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] F:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071207 serial=DR12WEB-******-****lang=EN
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU…\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU…\Run: [winmatrix.exe] C:\Program Files\WinMatrix XP\WinMatrixXP.exe
O4 - HKCU…\Run: [bearShare Acceleration Patch] C:\Documents and Settings\All Users\Menu Start\Programy\BearShare Acceleration Patch\BearShare Acceleration Patch.lnk
O4 - HKCU…\Run: [ADS] C:\Windows\ADS.exe
O4 - HKCU…\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU…\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: hamachi.lnk = F:\hamachi\hamachi.exe
O4 - Startup: Tahni Deskmate.LNK = C:\TahniDeskMate\DESKMATE.EXE
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://netpanel.gem.pl/netpanel2/WebInstaller.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
adam9870
(adam9870)
30 June 2007 12:27
#2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~3\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU…\Run: [ADS] C:\Windows\ADS.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Delete the folder and file marked in red manually while in safe mode, and the entries with HijackThis.
If you no longer have Google Toolbar, also delete the two entries shown below:
Is this some program of yours? If not, delete it as well.
Once done, paste a ComboFix log. To make a log with it, run it => press the Y key => wait patiently, and the log should be a .txt file named combofix on the C: partition.
Monczkin
(Monczkin)
30 June 2007 12:31
#3
Change the title to a specific one.
Thor93
(Odyn93)
1 July 2007 16:56
#4
@2x up no, it's not my program, I suspect a keylogger because my cookies keep disappearing ;/ and IE launches by itself + tries to download something
@edit
this ComboFix deleted the icons on my desktop o0 ?? what's going on, was it supposed to do that, I hope it's not some virus ??
@down
yes, it's complete, I didn't shorten it
2001-07-30 17:40 24576 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml3a.dll.vir
2006-08-07 23:00 61440 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
Zmienna PATH folderu dla woluminu programy
Numer seryjny woluminu: 71F5E346 5CBC:C51A
C:\QOOBOX
\---Quarantine
+---C
| \---WINDOWS
| \---system32
| msxml3a.dll.vir
| packet.dll.vir
|
\---Registry_backups
adam9870
(adam9870)
1 July 2007 18:47
#5
Paste the contents of the file C:\ComboFix.txt
adam9870
(adam9870)
3 July 2007 10:18
#7
You are pasting the contents of ComboFix-quarantined-files.txt, whereas I want you to paste the contents of ComboFix.txt, which contains detailed information about files created and modified over the last month and shows some of the entries for applications launched right at system startup.
Thor93
(Odyn93)
3 July 2007 12:23
#8
ok, it's there now, waiting for a reply ;]
qrczak13
(qrczak13)
3 July 2007 19:21
#9
Download Pocket Killbox,
check Delete on reboot, and in the Full Path of File to Delete field paste the path:
C:\Windows\ADS.exe
and click the red X. The program will ask you to restart the computer, which you do.
Paste into Notepad:
File > Save as > change the extension from .txt to all files > save under the name Fix.reg, e.g. on the
desktop > double-click Fix.reg > confirm > restart.
After that, clean the registry > jv16 PowerTools 2006 1.5.2.350
Scan this file at http://www.virustotal.com/vt/ and paste the report after the scan along with a new ComboFix log.
Thor93
(Odyn93)
4 July 2007 06:55
#10
scan from http://www.virustotal.com/vt/
Complete scanning result of "wdfmgr-4289651.exe", received in VirusTotal at 07.04.2007, 08:37:40 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.7.4.0 07.04.2007 no virus found
AntiVir 7.4.0.37 07.03.2007 no virus found
Authentium 4.93.8 07.03.2007 no virus found
Avast 4.7.997.0 07.03.2007 no virus found
AVG 7.5.0.476 07.03.2007 no virus found
BitDefender 7.2 07.04.2007 no virus found
CAT-QuickHeal 9.00 07.03.2007 no virus found
ClamAV devel-20070416 07.04.2007 no virus found
DrWeb 4.33 07.03.2007 no virus found
eSafe 7.0.15.0 07.03.2007 no virus found
eTrust-Vet 30.8.3761 07.03.2007 no virus found
Ewido 4.0 07.03.2007 no virus found
FileAdvisor 1 07.04.2007 no virus found
Fortinet 2.91.0.0 07.03.2007 no virus found
F-Prot 4.3.2.48 07.03.2007 no virus found
F-Secure 6.70.13030.0 07.04.2007 no virus found
Ikarus T3.1.1.8 07.04.2007 no virus found
Kaspersky 4.0.2.24 07.04.2007 no virus found
McAfee 5066 07.03.2007 no virus found
Microsoft 1.2701 07.04.2007 no virus found
NOD32v2 2377 07.04.2007 no virus found
Norman 5.80.02 07.03.2007 no virus found
Panda 9.0.0.4 07.04.2007 Suspicious file
Sophos 4.19.0 06.28.2007 no virus found
Sunbelt 2.2.907.0 07.04.2007 no virus found
Symantec 10 07.04.2007 no virus found
TheHacker 6.1.6.141 07.02.2007 no virus found
VBA32 3.12.0.2 07.03.2007 no virus found
VirusBuster 4.3.23:9 07.03.2007 no virus found
Webwasher-Gateway 6.0.1 07.03.2007 no virus found
new ComboFix log
ComboFix 07-06-18.2 - F:\ComboFix.exe "1" - 2007-07-04 8:49:52 - Dodatek Service Pack. 1 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))
2007-07-04 08:35
2007-07-03 17:16
2007-07-01 21:04
2007-07-01 20:59
2007-07-01 20:56
2007-07-01 19:35 82,258 --a--c--- C:\WINDOWS\system32\drivers\klin.dat
2007-07-01 19:35 82,258 --a--c--- C:\WINDOWS\system32\drivers\klick.dat
2007-07-01 19:35 3,207,712 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-01 19:35 13,088 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-01 19:35
2007-07-01 19:35
2007-07-01 19:30
2007-07-01 19:20
2007-07-01 19:10
2007-07-01 19:10
2007-07-01 19:10
2007-07-01 19:04 49,152 --a--c--- C:\WINDOWS\nircmd.exe
2007-07-01 18:47 711 --a--c--- C:\WINDOWS\unins000.dat
2007-06-28 09:40 626,688 --a--c--- C:\WINDOWS\system32\msvcr80.dll
2007-06-28 08:55
2007-06-27 10:15
2007-06-26 18:12
2007-06-25 18:02
2007-06-18 21:33
2007-06-14 15:49
2007-06-14 14:09 25,544 --a--c--- C:\WINDOWS\system32\drivers\hamachi.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-04 06:29:48 -------- dc----w C:\Program Files\NetPanel
2007-07-04 06:29:43 -------- dc----w C:\DOCUME~1\1\DANEAP~1\Skype
2007-07-04 06:29:21 -------- dc----w C:\DOCUME~1\1\DANEAP~1\Hamachi
2007-07-01 17:17:45 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-01 17:17:45 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-27 18:38:40 -------- dc----w C:\Program Files\Gadu-Gadu
2007-05-22 15:20:24 61,477 -c--a-w C:\WINDOWS\War3Unin.dat
2007-05-18 13:46:12 -------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-05-11 13:24:51 -------- dc----w C:\Program Files\Microsoft Games
2007-05-11 13:12:16 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-07 06:07:11 -------- dc----w C:\DOCUME~1\1\DANEAP~1\Winamp
2007-05-07 05:20:40 -------- dc----w C:\Program Files\Winamp
2007-05-06 16:32:24 -------- dc----w C:\DOCUME~1\1\DANEAP~1\MusicIP

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 08:52 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 C:\WINDOWS\system32\P0620Pin.dll]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"NetPanel"="C:\Program Files\NetPanel\Starter.exe" [2006-08-13 09:21]
"BearFlix"="C:\Program Files\BearFlix\bearflix.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"CorelDRAW Graphics Suite 11b"="F:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-26 19:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 20:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-21 13:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"winmatrix.exe"="C:\Program Files\WinMatrix XP\WinMatrixXP.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-15 00:37]
"DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-19 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SysCore32-ID4289651"=C:\Program Files\xerox\wdfmgr-4289651.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 08:51:50
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
SysCore32-ID4289651 = C:\Program Files\xerox\wdfmgr-4289651.exe?|?,???(
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-04 8:52:52
C:\ComboFix-quarantined-files.txt ... 2007-07-01 19:10
--- E O F ---
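The by-eye triage adam9870 did in #2 (dangling "(file missing)" hooks, search pages pointing at bearshare.com, a Run entry for C:\Windows\ADS.exe) and the pattern behind the #10 finding (a wdfmgr-4289651.exe running from Program Files\xerox next to the real System32\wdfmgr.exe) can be scripted. The Python below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. The sample log, the allowlist of search hosts and the list of system binary names are constructed for the example, and every finding it prints is a lead to verify by hand (publisher, hash, a VirusTotal scan as in #9), not a verdict.

```python
"""Added example: script the HijackThis-log triage done by hand in this thread.
Not HijackThis or ComboFix code. The sample log and the three lists below are
constructed for the example; findings are leads to verify, not verdicts."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the shape of a HijackThis v1.99.1 log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\xerox\wdfmgr-4289651.exe
C:\Program Files\Gadu-Gadu\gg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~3\BEARSH~1\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ADS] C:\Windows\ADS.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
"""

# Constructed lists: hosts a start/search page may legitimately point at,
# directories Windows system binaries live in, and names of those binaries.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.pl", "www.msn.com"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
SYSTEM_NAMES = {"smss", "csrss", "winlogon", "services", "lsass",
                "svchost", "spoolsv", "wdfmgr", "explorer"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Accepts both "HKLM\..\Run:" and the "HKLM…\Run:" form the forum rendered.
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+).*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str   # "process" or the HijackThis section id (R1, O2, O4, ...)
    item: str      # process name, entry name or browser setting concerned
    reason: str


def parse_log(text):
    """Return (running process paths, [(section, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("sec"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def command_path(cmd):
    """Executable path of a Run value: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_processes(processes):
    """A process named like a system binary but running outside a system dir."""
    out = []
    for path in processes:
        folder, _, base = path.rpartition("\\")
        stem = re.split(r"[-.]", base.lower(), maxsplit=1)[0]  # wdfmgr-4289651.exe -> wdfmgr
        if stem in SYSTEM_NAMES and folder.lower() not in SYSTEM_DIRS:
            out.append(Finding("process", base,
                               f"named like system binary {stem}.exe but runs from {folder}; check publisher and hash"))
    return out


def check_entries(entries):
    out = []
    for sec, body in entries:
        if "(file missing)" in body:
            out.append(Finding(sec, body.split(" - ")[0],
                               "points at a file that no longer exists; dangling hook, delete the entry"))
            continue
        if sec in ("R0", "R1"):
            key, _, url = body.partition(" = ")
            host = urlparse(url.strip()).hostname or ""   # non-URL values (folder names) give ""
            if host and host not in KNOWN_SEARCH_HOSTS:
                out.append(Finding(sec, key.rsplit(",", 1)[-1], f"browser setting redirected to {host}"))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue   # Startup-folder O4 lines have another shape; not handled here
            folder, _, base = command_path(m.group("cmd")).rpartition("\\")
            if not folder:
                out.append(Finding(sec, m.group("name"),
                                   f"bare name {base} is resolved via the search path; the real binary is unverified"))
            elif folder.lower() == r"c:\windows":
                out.append(Finding(sec, m.group("name"),
                                   f"{base} sits directly in the Windows folder, unusual for installed software"))
    return out


def triage(text):
    processes, entries = parse_log(text)
    return check_processes(processes) + check_entries(entries)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run it as is to see the five findings from the constructed sample, or replace SAMPLE_LOG with a pasted log. The allowlists are deliberately small so the script over-reports; the intent is to surface the lines a human should look at first, in the same order a forum helper would (dangling hooks, hijacked browser settings, odd Run locations, look-alike process names).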
Gutek
(Gutek)
4 July 2007 09:52
#11