kajko
(Kajko10)
10 December 2007 16:57
#1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:51, on 2007-12-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programy\Ad-Aware\bebechy\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\ATKKBService.exe
E:\Programy\Ewido Anti-Spyware\bebechy\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programy\Alkohol 120%\bebechy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idg.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idg.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Programy\FlashGet\bebechy\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\bebechy\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - E:\Programy\Expressivo\bebechy\Expressivo\IH_iexplore.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Programy\FlashGet\bebechy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Programy\FlashGet\bebechy\FlashGet\fgiebar.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - E:\Programy\Expressivo\bebechy\Expressivo\IH_iexplore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iaxLite] C:\Documents and Settings\Imperator\Pulpit\iaxLite.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Programy\Alkohol 120%\bebechy\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe Reader\bebechy\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programy\BitComet\bebechy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programy\BitComet\bebechy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programy\BitComet\bebechy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Programy\FlashGet\bebechy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Programy\FlashGet\bebechy\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Pobierz z &BitSpirit - E:\Programy\BitSpirit\bebechy\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programy\BitComet\bebechy\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\FRONTP~1\bebechy\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\bebechy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\bebechy\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8965652077
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8967508686
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{44C8C720-02AE-4758-8012-B2AFBBB6F90F}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{761F71E0-A1FB-455D-B5BC-92CC092593ED}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E6274FD-74C7-473B-AA95-869A7BF3648B}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{806356A4-C86A-48AD-8424-9934A1196A67}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7B99E96-D135-41EA-9116-11451CCC9309}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programy\Ad-Aware\bebechy\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Programy\Ewido Anti-Spyware\bebechy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\IMPERA~1\USTAWI~1\Temp\hpdj.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 12334 bytes
Merged post: 10.12.2007 (Mon) 18:04
Hello. Redirects while visiting the Google site. After searching for topics on Google, advertising pages open instead of the ones the site found.
Regards, kajko
Note: when you paste a log, wrap it in a CODE or QUOTE tag
Regards, Gutek2222
Gutek
(Gutek)
10 December 2007 17:09
#2
O17 - HKLM\System\CCS\Services\Tcpip\..\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{44C8C720-02AE-4758-8012-B2AFBBB6F90F}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{761F71E0-A1FB-455D-B5BC-92CC092593ED}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E6274FD-74C7-473B-AA95-869A7BF3648B}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{806356A4-C86A-48AD-8424-9934A1196A67}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7B99E96-D135-41EA-9116-11451CCC9309}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
Remove these entries with HJT
Use FixWareOut - http://downloads.subratam.org/Fixwareout.exe
Post a ComboFix log
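The check Gutek does by eye above (spotting O17 NameServer entries that point at resolvers the machine should not be using) can be automated for triage. The script below is an added example, not part of the thread or of HijackThis: it parses O17 lines in the HijackThis format shown in the log and flags every NameServer value outside an allowlist of expected resolvers. The sample lines reuse the interface GUIDs and 85.255.x.x addresses from the posted log; the 192.168.0.1 router address and the `EXPECTED_RESOLVERS` allowlist are assumptions a user would replace with their own ISP or router DNS. Note that HijackThis prints the per-interface value comma-separated and the global Parameters value space-separated, as both forms appear in the log, so the parser accepts either.

```python
import re
import ipaddress

# Constructed sample input in the O17 line format HijackThis uses. The first two
# lines carry the GUID and nameserver values from the log posted in the thread;
# the third is a made-up clean interface pointing at a home router.
SAMPLE_O17_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""

# Resolvers this machine is expected to use (assumed placeholder: the router's
# LAN address). In practice fill this from the router or ISP documentation.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.0.1")}

# Key path up to the colon, then the NameServer value; other Oxx lines won't match.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$")


def parse_o17(line):
    """Return (registry_key, [IPv4Address, ...]) for one O17 line, else None.

    The value is split on commas or whitespace because HijackThis emits the
    per-interface value comma-separated and the Parameters value space-separated.
    """
    m = O17_RE.match(line.strip())
    if not m:
        return None
    servers = []
    for token in re.split(r"[,\s]+", m.group("servers").strip()):
        if token:
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                # A hostname or junk token is itself worth a look; keep it as text.
                servers.append(token)
    return m.group("key"), servers


def flag_unexpected_nameservers(log_text, expected=EXPECTED_RESOLVERS):
    """Return [(registry_key, [unexpected server as str, ...]), ...] for every
    O17 entry whose NameServer list contains something outside `expected`."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        bad = [str(s) for s in servers if s not in expected]
        if bad:
            findings.append((key, bad))
    return findings


def distinct_suspects(findings):
    """Collapse findings to the sorted set of distinct unexpected resolvers,
    which is the list a helper would ask the user to remove or look up."""
    return sorted({ip for _, bad in findings for ip in bad})


if __name__ == "__main__":
    hits = flag_unexpected_nameservers(SAMPLE_O17_LINES)
    for key, bad in hits:
        print(f"{key}: unexpected nameserver(s) {', '.join(bad)}")
    print("distinct suspects:", distinct_suspects(hits))
```

Run against a full HijackThis log the script reports only the O17 lines worth attention; everything pointing at the allowlisted resolver, and every non-O17 line, is ignored.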
kajko
(Kajko10)
10 December 2007 17:24
#3
Username "Imperator" - 2007-12-10 18:14:21 [Fixwareout edited 9/01/2007]
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfjm.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.45 85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}
"nameserver"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44C8C720-02AE-4758-8012-B2AFBBB6F90F}
"nameserver"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{761F71E0-A1FB-455D-B5BC-92CC092593ED}
"nameserver"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E6274FD-74C7-473B-AA95-869A7BF3648B}
"nameserver"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{806356A4-C86A-48AD-8424-9934A1196A67}
"nameserver"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7B99E96-D135-41EA-9116-11451CCC9309}
"nameserver"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}
"DhcpNameServer"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44C8C720-02AE-4758-8012-B2AFBBB6F90F}
"DhcpNameServer"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{806356A4-C86A-48AD-8424-9934A1196A67}
"DhcpNameServer"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7B99E96-D135-41EA-9116-11451CCC9309}
"DhcpNameServer"="85.255.115.45,85.255.112.110"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B73359C6-5B5B-4901-8250-BAD31B5456F4}
"DhcpNameServer"="85.255.115.45,85.255.112.110"
Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdfjm.ren 72729 2007-06-13
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"iaxLite"="C:\\Documents and Settings\\Imperator\\Pulpit\\iaxLite.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"a-winpoet-service"="\"C:\\Program Files\\DialNet\\winpppoverethernet.exe\""
@="\"C:\\PROGRA~1\\DialNet\\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT\""
"z-wrdialer"="\"C:\\Program Files\\DialNet\\wrdialer.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"eyeBeam SIP Client"=""
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"z-WrDialer"="C:\\Program Files\\DialNet\\WrDialer.exe"
"AlcoholAutomount"="\"E:\\Programy\\Alkohol 120%\\bebechy\\Alcohol 120\\axcmd.exe\" /automount"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~End report~~~~~
**_Merged post_** _: 10.12.2007 (Mon) 18:27_
Hello. I used FixWareOut; it shut down, scanned, and started up again. I don't know whether I have to remove anything myself??
**_Merged post_** _: 10.12.2007 (Mon) 18:29_
Hello. I understand that I'm supposed to remove the 9 "O17" entries manually???
**_Merged post_** _: 10.12.2007 (Mon) 18:37_
Hello. "ComboFix.exe is not a valid Win32 application." I get this message while launching ComboFix, and nothing happens.
Regards, kajko
**_Merged post_** _: 10.12.2007 (Mon) 18:46_
ComboFix 07-12-09.1 - Imperator 2007-12-10 18:42:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.626 [GMT 1:00]
Running from: E:\Pliki z Menadżera\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\hosts
.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.
2007-12-10 17:17 . 2007-12-10 17:17
2007-12-06 22:24 . 2007-12-06 22:47
2007-12-06 22:24 . 2007-12-10 18:15
2007-12-05 18:59 . 2007-12-05 18:59 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-29 20:18 . 2007-12-04 19:23
2007-11-26 16:30 . 2007-11-26 16:30
2007-11-26 15:57 . 2007-11-26 15:57 360 --a------ C:\drmHeader.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 17:16 --------- d-----w C:\Program Files\DialNet
2007-12-10 11:57 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\Programer
2007-12-08 21:14 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\GanymedeNet
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-03 16:59 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\Skype
2007-11-24 18:17 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\Ahead
2007-11-20 16:34 --------- d-----w C:\Program Files\Ganymede
2007-11-10 16:45 23,008 ----a-w C:\Documents and Settings\Imperator\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-11-02 17:20 --------- d-----w C:\Program Files\Zylom Games
2007-11-02 17:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2007-10-31 18:19 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-24 19:55 --------- d-----w C:\Program Files\City Interactive
2007-10-24 16:41 --------- d-----w C:\Program Files\Java
2007-10-14 15:18 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-10-14 15:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 15:03 --------- d-----w C:\Program Files\LEGO Media
2007-10-11 18:30 --------- d-----w C:\Program Files\DivX
2007-10-04 18:33 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-27 09:26 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-27 09:26 167,936 ----a-w C:\WINDOWS\system32\ts.dll
2007-09-27 09:26 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-09-27 09:25 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2007-09-27 09:25 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2007-09-27 09:25 151,040 ----a-w C:\WINDOWS\system32\mkx.dll
2007-09-27 09:25 142,848 ----a-w C:\WINDOWS\system32\mp4.dll
2007-01-22 12:40 36 ----a-w C:\Documents and Settings\Imperator\klextlock.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"eyeBeam SIP Client"="" []
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-01-18 12:18]
"AlcoholAutomount"="E:\Programy\Alkohol 120%\bebechy\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"iaxLite"="C:\Documents and Settings\Imperator\Pulpit\iaxLite.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-01-18 09:26]
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-01-18 12:18]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys
R3 FPD;Fine Point Packet Service;\??\C:\WINDOWS\system32\drivers\fpd.sys
R3 WrKPoET2000;WrKPoET2000;\??\C:\Program Files\DialNet\WrKPoET2000.sys
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 18:43:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 18:43:51
.
--- E O F ---
Please post the ComboFix log
**_Merged post_** _: 10.12.2007 (Mon) 18:49_
Hello. I downloaded ComboFix from another location and it worked. Log above!!
Regards, kajko
**_Merged post_** _: 10.12.2007 (Mon) 18:51_
Hello, and I'm waiting for further HELP!!
Regards, kajko.
Gutek
(Gutek)
11 December 2007 19:08
#4