Please check my log

(Szejk12) #1

Logfile of HijackThis v1.99.1

Scan saved at 12:53:43, on 2008-07-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

G:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe

C:\Program Files\SpyNoMore\SNM.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\x\Ustawienia lokalne\Temp\wz7ef2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe

O8 - Extra context menu item: &d&ownload &with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &d&ownload all video with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &d&ownload all with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://arcaonline.arcabit.com

O15 - Trusted Zone: http://www.mks.com.pl

O15 - Trusted Zone: http://*.mks.com.pl

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ … TSUEng.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/active … rdtinf.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.bemowo.waw.pl:30/activex/AMC.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: winghy32 - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf (file missing)

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - (no file)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Plánovač automatické aktualizace LiveUpdate (plánovač automatické aktualizace liveupdate) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC (symantec core lc) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

(huber2t) #2

Fix in HijackThis

Are there any problems?

On 08.07.2008, at 14:37, a post was added by huber2t

Fix in HijackThis

Are there any problems?

(Szejk12) #3

Hello

Thank you for the help

Log after the fix

Logfile of HijackThis v1.99.1

Scan saved at 16:56:46, on 2008-07-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

G:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe

C:\Program Files\SpyNoMore\SNM.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\x\Ustawienia lokalne\Temp\wze688\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe

O8 - Extra context menu item: &d&ownload &with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &d&ownload all video with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &d&ownload all with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://arcaonline.arcabit.com

O15 - Trusted Zone: http://www.mks.com.pl

O15 - Trusted Zone: http://*.mks.com.pl

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ … TSUEng.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/active … rdtinf.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.bemowo.waw.pl:30/activex/AMC.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{122C9019-0192-4DDE-BC14-F48FACC68379}: NameServer = 194.204.152.34 217.98.63.164

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Settings Manager (ccsetmgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf (file missing)

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - (no file)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Plánovač automatické aktualizace LiveUpdate (plánovač automatické aktualizace liveupdate) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC (symantec core lc) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

(Dmirecki) #4

Looks clean…

(Szejk12) #5

Thanks, for now I'll restart the computer and see what happens next

On 08.07.2008, at 17:53, a post was added by mercedes100

Hello

The computer is still sluggish

Please check the ComboFix log

ComboFix 08-07-01.5 - admin 2008-07-08 17:46:03.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.935 [GMT 2:00]

Running from: C:\Documents and Settings\x\Pulpit\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))

.

2008-07-07 20:12 . 2008-07-07 20:17

2008-07-06 17:46 . 2008-07-06 17:46

2008-07-06 17:44 . 2008-07-06 17:44

2008-07-06 17:44 . 2008-07-06 17:44

2008-07-06 15:45 . 2008-07-06 15:45

2008-07-06 15:34 . 2008-07-08 17:49

2008-07-06 15:34 . 2008-07-06 15:37

2008-07-06 15:34 . 2005-12-28 17:45

2008-07-06 15:34 . 2008-07-07 16:59

2008-07-06 15:34 . 2008-07-06 15:37

2008-07-06 15:34 . 2005-12-28 18:38

2008-07-06 15:34 . 2008-07-08 00:46

2008-07-06 15:34 . 2008-07-07 17:43

2008-07-06 15:10 . 2008-07-06 15:10

2008-07-06 14:26 . 2008-07-06 14:36

2008-07-06 12:32 . 2008-07-06 13:07

2008-07-06 10:51 . 2008-07-06 17:42

2008-07-05 21:11 . 2008-07-05 21:23

2008-07-05 20:02 . 2008-07-06 17:48

2008-07-05 17:00 . 2008-07-05 17:00

2008-07-02 14:31 . 2008-07-02 14:31

2008-07-01 19:29 . 2008-07-01 19:29 0 --a------ C:\WINDOWS\BM8b03637a.xml

2008-07-01 19:04 . 2008-07-05 22:22

2008-07-01 19:04 . 2008-07-01 19:04

2008-07-01 08:12 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000002_.tmp

2008-06-30 23:21 . 2008-07-03 23:46

2008-06-30 23:21 . 2008-06-30 23:21

2008-06-30 23:21 . 2008-06-30 23:21 1,152 --a------ C:\WINDOWS\system32\windrv.sys

2008-06-29 23:39 . 2008-06-29 23:41

2008-06-29 19:28 . 2008-07-05 19:43

2008-06-29 18:51 . 2008-06-29 18:52

2008-06-29 17:43 . 2008-07-08 17:49 68,018 --a------ C:\WINDOWS\system32\drivers\4388de70.sys

2008-06-29 13:15 . 2008-06-05 18:24 47 --a------ C:\Documents and Settings\x\readme.bat

2008-06-29 09:56 . 2008-06-29 09:56

2008-06-22 10:47 . 2008-06-22 10:47

2008-06-22 10:41 . 2008-06-22 10:41

2008-06-22 10:41 . 2008-06-22 10:43

2008-06-22 10:41 . 2008-06-22 10:41

2008-06-21 19:42 . 2008-06-21 19:42 1,849 --a------ C:\WINDOWS\system32\odtwarzacz.csh

2008-06-21 17:01 . 2008-06-21 17:01

2008-06-21 14:02 . 2008-06-21 14:02

2008-06-21 12:18 . 2003-12-05 20:46 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys

2008-06-21 11:10 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL

2008-06-21 11:10 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll

2008-06-21 11:10 . 2006-04-11 15:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll

2008-06-21 11:10 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll

2008-06-21 11:10 . 2004-01-02 12:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll

2008-06-21 11:10 . 2001-12-11 22:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll

2008-06-21 11:10 . 2003-04-21 16:11 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-06-21 11:10 . 2007-03-06 18:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll

2008-06-21 11:10 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll

2008-06-21 11:06 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll

2008-06-21 11:06 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll

2008-06-21 11:06 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll

2008-06-21 11:06 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL

2008-06-21 11:06 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll

2008-06-21 11:06 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll

2008-06-21 11:04 . 2008-06-21 11:11

2008-06-21 11:01 . 2008-06-21 11:09

2008-06-21 11:01 . 2008-06-21 11:11

2008-06-16 23:41 . 2008-07-07 17:14

2008-06-11 15:31 . 2008-06-11 15:31

2008-06-11 11:11 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-11 11:11 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-10 18:56 . 2008-06-10 18:56 71,688 --a------ C:\WINDOWS\system32\drivers\epfw.sys

2008-06-10 18:56 . 2008-06-10 18:56 54,280 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys

2008-06-10 18:56 . 2008-06-10 18:56 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys

2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

2008-06-10 18:05 . 2008-06-10 18:15

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 23:03 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-07-06 18:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-07-05 20:41 --------- d-----w C:\Program Files\Smarty Uninstaller Pro

2008-07-04 10:43 --------- d-----w C:\Program Files\EsetOnlineScanner

2008-07-04 10:17 --------- d-----w C:\Program Files\SkanerOnline

2008-07-04 06:22 --------- d-----w C:\Program Files\ArcaMicroScan

2008-07-02 17:48 --------- d-----w C:\Program Files\BitComet

2008-07-01 17:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-01 15:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2008-07-01 14:46 --------- d-----w C:\Program Files\Spybot - Search Destroy

2008-06-30 21:44 98,304 ----a-w C:\WINDOWS\system32\ahui.exe

2008-06-30 18:41 --------- d-----w C:\Program Files\Lavasoft

2008-06-30 18:18 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-06-29 07:56 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-25 14:20 --------- d-----w C:\Program Files\eMule

2008-06-24 16:00 --------- d-----w C:\Program Files\Creative

2008-06-22 08:26 --------- d-----w C:\Program Files\Common Files\Ahead

2008-06-22 08:26 --------- d-----w C:\Program Files\Ahead

2008-06-21 16:11 --------- d-----w C:\Program Files\MediaCoder

2008-06-21 10:18 --------- d-----w C:\Program Files\CyberLink

2008-06-21 10:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 14:40 --------- d-----w C:\Program Files\Java

2008-06-05 18:29 --------- d-----w C:\Program Files\Firefly Studios

2008-05-28 20:02 --------- d-----w C:\Program Files\Absolute Video Converter

2008-05-27 14:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative

2008-05-26 19:47 --------- d-----w C:\Program Files\Audible

2008-05-26 19:45 --------- d--h--w C:\Program Files\Creative Installation Information

2008-05-26 19:42 --------- d-----w C:\Program Files\Common Files\Creative

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-11 19:08 --------- d-----w C:\Program Files\fishsim2

2008-05-11 09:09 --------- d-----w C:\Program Files\Ubisoft

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-03 16:56 299,008 ----a-w C:\WINDOWS\system32\miccyhook.dll

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 22:10 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 22:08 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 22:05 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe

2005-10-31 15:08 10,377,415 ----a-w C:\Documents and Settings\x\setup.exe

2004-08-09 21:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2003-03-21 11:37 16,056 ----a-w C:\Program Files\owcstp16.dll

.

((((((((((((((((((((((((((((( snapshot@2008-07-01_17.19.56.82 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-05-21 10:56:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
  • 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll

  • 2008-07-06 13:10:12 22,016 ----a-w C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll

  • 2008-07-06 15:45:50 10,134 ----a-r C:\WINDOWS\Installer{4B206352-0BFF-47A8-B9D6-3876AB2A367A}\callmsi.exe

  • 2008-07-06 15:45:50 140,544 ----a-r C:\WINDOWS\Installer{4B206352-0BFF-47A8-B9D6-3876AB2A367A}\egui.exe

  • 2008-02-22 23:12:56 217,864 ----a-r C:\WINDOWS\Installer{90120000-006E-0415-0000-0000000FF1CE}\misc.exe
  • 2008-07-06 18:50:08 217,864 ----a-r C:\WINDOWS\Installer{90120000-006E-0415-0000-0000000FF1CE}\misc.exe

  • 2008-07-01 17:04:48 18,944 ----a-r C:\WINDOWS\Installer{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

  • 2008-07-01 17:04:48 65,024 ----a-r C:\WINDOWS\Installer{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

  • 2006-10-26 12:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
  • 2006-10-26 11:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
  • 2008-06-21 09:21:07 328,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
  • 2008-07-06 10:22:30 327,504 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
  • 2007-07-04 12:28:32 196,684 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
  • 2007-07-27 12:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
  • 2007-07-04 12:28:34 225,356 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
  • 2007-07-27 12:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
  • 2005-12-05 18:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
  • 2005-12-05 17:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
  • 2005-12-05 11:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
  • 2005-12-05 10:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
  • 2007-07-04 12:53:32 233,472 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
  • 2008-02-11 07:39:26 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
  • 2007-07-04 12:53:20 221,184 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
  • 2008-02-11 07:39:18 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
  • 2007-06-29 15:32:42 16,896 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
  • 2008-02-08 11:53:46 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
  • 2007-06-13 09:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
  • 2008-02-05 06:48:04 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
  • 2008-07-01 14:29:35 65,764 ----a-w C:\WINDOWS\system32\perfc009.dat
  • 2008-07-07 22:47:40 66,112 ----a-w C:\WINDOWS\system32\perfc009.dat
  • 2008-07-01 14:29:35 83,814 ----a-w C:\WINDOWS\system32\perfc015.dat
  • 2008-07-07 22:47:40 84,162 ----a-w C:\WINDOWS\system32\perfc015.dat
  • 2008-07-01 14:29:35 412,928 ----a-w C:\WINDOWS\system32\perfh009.dat
  • 2008-07-07 22:47:40 413,852 ----a-w C:\WINDOWS\system32\perfh009.dat
  • 2008-07-01 14:29:36 471,076 ----a-w C:\WINDOWS\system32\perfh015.dat
  • 2008-07-07 22:47:40 472,078 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2004-12-07 08:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll

  • 2005-09-23 05:29:16 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
  • 2006-10-26 11:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
  • 2005-09-23 05:29:16 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
  • 2006-10-26 11:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
  • 2005-09-23 05:29:16 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
  • 2006-10-26 11:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 22:51 15360]

“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE” [2005-01-19 16:29 405583]

“IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTCheck”=“C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe” [2008-07-02 19:44 397312]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“RemoteControl”=“G:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-06-28 21:29 32768]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2008-02-28 09:59 570664]

“Samsung LBP SM”=“C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe” [2003-04-04 09:40 266240]

“SNM”=“C:\Program Files\SpyNoMore\SNM.exe” [2008-06-30 23:22 1064400]

“DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 18:05 81920]

“egui”=“C:\Program Files\ESET\ESET Smart Security\egui.exe” [2008-06-10 18:52 1447168]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 22:51 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!saswinlogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= vdrcodec.dll

“msacm.avis”= ff_acm.acm

“MSACM.CEGSM”= mobilev.acm

“msacm.ac3filter”= ac3filter.acm

“VIDC.MJPG”= Pvmjpg30.dll

“VIDC.CSCD”= camcodec.dll

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]

[HKLM~\startupfolder\C:^Documents and Settings^x^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^x^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk]

backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^x^Menu Start^Programy^Autostart^Registration Heroes of Might Magic 5 - Hammers of Fate.LNK]

backup=C:\WINDOWS\pss\Registration Heroes of Might Magic 5 - Hammers of Fate.LNKStartup

=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-06-14 19:03 2194744 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2006-07-24 19:07 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nbkeyscan]

--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

--a------ 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]

--a------ 2004-12-20 08:31 151552 C:\PROGRA~1\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“ose”=3 (0x3)

“gusvc”=3 (0x3)

“Adobe LM Service”=3 (0x3)

“CA_LIC_CLNT”=2 (0x2)

“ccsetmgr”=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\NAPI-PROJEKT\napisy.exe”=

“C:\Program Files\Registry Washer\LiveUpdate.exe”=

“C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”=

“C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe”=

“C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\extra1\bin\Settlers6.exe”=

“C:\WINDOWS\system32\ftp.exe”=

“C:\Program Files\MoorHunt\MoorHunt.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“C:\Documents and Settings\x\Pulpit\yaglow\Ygoow.exe”=

“C:\Program Files\Pinnacle\Studio 11\programs\RM.exe”=

“C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe”=

“C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe”=

“C:\Program Files\Pinnacle\Studio 11\programs\umi.exe”=

“C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Polish\setup.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“11951:TCP”= 11951:TCP:BitComet 11951 TCP

“11951:UDP”= 11951:UDP:BitComet 11951 UDP

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

“AllowInboundTimestampRequest”= 1 (0x1)

“AllowInboundMaskRequest”= 1 (0x1)

“AllowInboundRouterRequest”= 1 (0x1)

“AllowOutboundTimeExceeded”= 1 (0x1)

“AllowRedirect”= 1 (0x1)

“AllowOutboundPacketTooBig”= 1 (0x1)

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [2007-05-22 11:04]

R2 LinksysUpdater;Linksys Updater;“C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe” -s “C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf” []

R2 LogWatch;Event Log Watch;“C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe” [2004-07-23 16:06]

R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 00:00]

S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys []

S2 plánovač automatické aktualizace liveupdate;Plánovač automatické aktualizace LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” []

S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2003-12-10 09:21]

S3 Arfumftr;(Standard Mouse Types) USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-12-20 08:31]

S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]

S3 MksMonEn;MkS_Mon Kernel Engine;C:\Program Files\MKS\Bin\MksMonEn.sys []

S3 MksMonEv;MkS_Mon Kernel Events;C:\Program Files\MKS\Bin\MksMonEv.sys []

S3 MksMonFd;MkS_Mon Kernel Filter Driver;C:\Program Files\MKS\Bin\MksMonFd.sys []

S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2007-09-21 03:52]

S4 CA_LIC_CLNT;CA License Client;“C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe” [2004-08-31 15:21]

.

Contents of the ‘Scheduled Tasks’ folder

“2008-07-07 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Prověřit tento počítač - x.job”

  • C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:

.

        • ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-08 17:49:49

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-08 17:50:49

ComboFix-quarantined-files.txt 2008-07-08 15:50:42

ComboFix2.txt 2008-07-04 17:27:08

ComboFix3.txt 2008-07-02 19:08:48

ComboFix4.txt 2008-07-01 15:20:56

Pre-Run: 24,909,926,400 bajtów wolnych

Post-Run: 26,049,163,264 bajtów wolnych

356 --- E O F --- 2008-07-07 01:01:14

(JNJN) #6

Read the pinned topics in this section and fix everything (use the edit option).

(huber2t) #7

Download ComboFix, but do not run it.

Paste into Notepad:

File::

C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

C:\WINDOWS\BM8b03637a.xml

C:\WINDOWS\000002_.tmp

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

02f8f1e3c410a4cc.gif

The removal will start and a log will be created, which you should post on the forum.

Put logs on http://wklejto.pl and include only the link in your post.