Rootkit


(L Kaska1) #1

It keeps popping up

Logfile of HijackThis v1.99.1

Scan saved at 21:08, on 2008-07-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Crawler\CToolbar.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\DOCUME~1\jacek\USTAWI~1\Temp\Rar$EX00.719\HijackThis.exe

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: qndsfmao - {3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - C:\WINDOWS\qndsfmao.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [DTemp] C:\SysPrep\Test\DTemp\DTemp.exe

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM..\Run: [VTTimer] VTTimer.exe

O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [No-IP Client 1.42] C:\Program Files\No-IP Client\noipclient.exe

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [hosted] C:\Windows\system32\hosted.exe

O4 - HKLM..\Run: [!xSpeed] C:!xSpeedPro!xSpeedPro.exe reg

O4 - HKLM..\Run: [diagnostic] C:\Windows\system32\diagnostic.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [sMrhcat1j0e3br] C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8922579046

O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_20.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: kvxqmtre - {C0DE8CD2-3A0D-41CD-86EB-847639869BEB} - C:\WINDOWS\kvxqmtre.dll (file missing)

O21 - SSODL: evgratsm - {97D73E37-D58A-466F-94AD-23938E0BA317} - C:\WINDOWS\evgratsm.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Documents and Settings\Właściciel\Pulpit\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

If I posted something wrong, I apologize.


(Kamil2993) #2

Fix in HijackThis:

C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

C:\PROGRA~1\Crawler\CToolbar.exe

O3 - Toolbar: qndsfmao - {3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - C:\WINDOWS\qndsfmao.dll (

O4 - HKLM..\Run: [hosted] C:\Windows\system32\hosted.exe

O4 - HKLM..\Run: [!xSpeed] C:!xSpeedPro!xSpeedPro.exe reg

O4 - HKLM..\Run: [diagnostic] C:\Windows\system32\diagnostic.exe

O4 - HKLM..\Run: [sMrhcat1j0e3br] C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_20.cab

O21 - SSODL: evgratsm - {97D73E37-D58A-466F-94AD-23938E0BA317} - C:\WINDOWS\evgratsm.dll (file missing)

O21 - SSODL: kvxqmtre - {C0DE8CD2-3A0D-41CD-86EB-847639869BEB} - C:\WINDOWS\kvxqmtre.dll (file missing)

Also post a ComboFix log.


(Dmirecki) #3

FIX:

Download ComboFix, but do not run it.

Paste the following into Notepad:

File::

C:\WINDOWS\qndsfmao.dll

C:\Windows\system32\diagnostic.exe

C:\WINDOWS\kvxqmtre.dll

C:\WINDOWS\evgratsm.dll


Folder::

C:\Program Files\rhcat1j0e3br

File -> Save As -> CFScript.txt

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

88953CFScript-createdbyMiekiemoes.gif

The removal should start and a log will be produced; post that log on the forum together with a new HijackThis log.

If everything goes well, manually delete the folder C:\Qoobox after the restart.
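The workflow of posts #2 and #3 (pick the HijackThis lines to fix, then turn their file paths into the File:: / Folder:: list that ComboFix reads from CFScript.txt), as an added Python example that is not part of this thread or of either tool. The sample lines are copied from the log above; the "same-named folder" rule and the function names are my own assumptions, not HijackThis or ComboFix behaviour.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of finding lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: qndsfmao - {3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM..\Run: [hosted] C:\Windows\system32\hosted.exe
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM..\Run: [sMrhcat1j0e3br] C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe
O21 - SSODL: kvxqmtre - {C0DE8CD2-3A0D-41CD-86EB-847639869BEB} - C:\WINDOWS\kvxqmtre.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis prefixes every finding with its section code (R0, O2, O4, O21, ...).
SECTION_RE = re.compile(r"^(R\d|O\d{1,2}) - ")
# First Windows path ending in an executable/library extension; stops at a quote or end of line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|sys|cpl))(?![A-Za-z0-9])', re.IGNORECASE)


@dataclass
class Entry:
    section: str        # "O4", "O21", ...
    raw: str            # the full log line
    path: Optional[str] # referenced file, if one could be extracted
    file_missing: bool  # HijackThis appended "(file missing)"


def parse_hjt(text: str) -> List[Entry]:
    """Turn the finding lines of a HijackThis log into Entry records.
    Header lines, 'Running processes' paths and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(line)
        entries.append(Entry(
            section=m.group(1),
            raw=line,
            path=p.group(1) if p else None,
            file_missing="(file missing)" in line,
        ))
    return entries


def orphan_entries(entries: List[Entry]) -> List[Entry]:
    """Registry references whose target file is already gone. ComboFix reports the
    same leftovers under 'ORPHANS REMOVED'; they are the safest first pick for a fix."""
    return [e for e in entries if e.file_missing]


def build_cfscript(entries: List[Entry], picks: List[str]) -> str:
    """Render the File:: / Folder:: sections of a CFScript.txt for every entry whose
    raw line contains one of the picked substrings (the helper's judgment, as in post #2).
    Assumption of this example: a file that lives in a directory of the same name (the
    rhcat1j0e3br folder above) is a self-contained malware install and goes under Folder::."""
    files: List[str] = []
    folders: List[str] = []
    for e in entries:
        if e.path is None or not any(p in e.raw for p in picks):
            continue
        parent = ntpath.dirname(e.path)
        stem = ntpath.splitext(ntpath.basename(e.path))[0]
        if ntpath.basename(parent).lower() == stem.lower():
            if parent not in folders:
                folders.append(parent)
        elif e.path not in files:
            files.append(e.path)
    out: List[str] = []
    if files:
        out.append("File::")
        out.extend(files)
    if folders:
        if out:
            out.append("")
        out.append("Folder::")
        out.extend(folders)
    return "\n".join(out) + "\n" if out else ""


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in orphan_entries(parsed):
        print("orphan:", e.raw)
    print(build_cfscript(parsed, ["qndsfmao", "[hosted]", "rhcat1j0e3br", "kvxqmtre"]))
```

The script only prepares the list; as post #3 says, the resulting CFScript.txt is dragged onto ComboFix.exe, which does the removal and writes its own log.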


(L Kaska1) #4

ComboFix 08-07-15.4 - jacek 2008-07-17 16:52:47.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.590 [GMT 2:00]

Running from: C:\Documents and Settings\jacek\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\jacek\Pulpit\CFScript.txt

* Created a new restore point

FILE ::

C:\WINDOWS\evgratsm.dll

C:\WINDOWS\kvxqmtre.dll

C:\WINDOWS\qndsfmao.dll

C:\Windows\system32\diagnostic.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\Administrator\Dane aplikacji\rhcat1j0e3br

C:\Documents and Settings\jacek\Dane aplikacji\rhcat1j0e3br

C:\Documents and Settings\paweł\Dane aplikacji\rhcat1j0e3br

C:\hl.exe

C:\kmd.exe

C:\Program Files\rhcat1j0e3br

C:\Program Files\rhcat1j0e3br\database.dat

C:\Program Files\rhcat1j0e3br\license.txt

C:\Program Files\rhcat1j0e3br\MFC71.dll

C:\Program Files\rhcat1j0e3br\MFC71ENU.DLL

C:\Program Files\rhcat1j0e3br\msvcp71.dll

C:\Program Files\rhcat1j0e3br\msvcr71.dll

C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe.local

C:\Program Files\rhcat1j0e3br\Uninstall.exe

C:\WINDOWS\evwd.exe

C:\WINDOWS\system32\blphcet1j0e3br.scr

C:\WINDOWS\system32\D.tmp

C:\WINDOWS\system32\kmd.exe

C:\WINDOWS\system32\lphcet1j0e3br.exe

C:\WINDOWS\system32\phcet1j0e3br.bmp

C:\WINDOWS\system32\pphcet1j0e3br.exe

.

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))

.

2008-07-16 20:15 . 2008-07-16 20:15

2008-07-16 20:15 . 2008-07-16 20:15 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-16 20:13 . 2008-07-17 15:56 94,208 --a------ C:\WINDOWS\system32\1A.tmp

2008-07-16 19:56 . 2008-07-16 19:56

2008-07-16 19:44 . 2008-07-16 20:07 94,208 --a------ C:\WINDOWS\system32\14.tmp

2008-07-16 19:44 . 2008-07-16 20:06 94,208 --a------ C:\WINDOWS\system32\13.tmp

2008-07-16 19:37 . 2008-07-16 19:37

2008-07-16 19:37 . 2008-07-16 19:37

2008-07-16 19:12 . 2008-07-16 19:37 94,208 --a------ C:\WINDOWS\system32\3A2.tmp

2008-07-16 19:12 . 2008-07-16 19:16 94,208 --a------ C:\WINDOWS\system32\389.tmp

2008-07-16 14:40 . 2008-07-16 19:02 94,208 --a------ C:\WINDOWS\system32\371.tmp

2008-07-16 14:40 . 2008-07-16 18:57 94,208 --a------ C:\WINDOWS\system32\36F.tmp

2008-07-16 14:40 . 2008-07-16 18:56 94,208 --a------ C:\WINDOWS\system32\36E.tmp

2008-07-16 14:40 . 2008-07-16 18:56 94,208 --a------ C:\WINDOWS\system32\36D.tmp

2008-07-16 14:40 . 2008-07-16 18:56 94,208 --a------ C:\WINDOWS\system32\36C.tmp

2008-07-16 14:40 . 2008-07-16 18:54 94,208 --a------ C:\WINDOWS\system32\36B.tmp

2008-07-16 14:40 . 2008-07-16 18:12 94,208 --a------ C:\WINDOWS\system32\368.tmp

2008-07-16 14:40 . 2008-07-16 17:56 94,208 --a------ C:\WINDOWS\system32\367.tmp

2008-07-16 14:40 . 2008-07-16 17:55 94,208 --a------ C:\WINDOWS\system32\366.tmp

2008-07-16 11:19 . 2008-07-16 11:19

2008-07-15 15:08 . 2008-07-15 15:08

2008-07-15 15:08 . 2008-07-15 15:08

2008-07-14 15:42 . 2008-07-14 15:42 2,420 --a------ C:\language.PNF

2008-07-11 19:51 . 2008-07-16 14:49

2008-07-10 18:13 . 2008-07-10 18:13

2008-07-10 18:13 . 2005-06-08 10:36 397,312 --a------ C:\hlds.exe

2008-07-10 18:13 . 2006-10-27 08:49 229,376 --a------ C:\Core.dll

2008-07-10 18:13 . 2004-06-29 14:12 221,184 --a------ C:\hltv.exe

2008-07-10 18:13 . 2004-08-13 13:53 211,456 --a------ C:\a3dapi.dll

2008-07-10 18:13 . 2005-06-08 10:36 122,980 --a------ C:\FileSystem_Steam.dll

2008-07-10 18:13 . 2005-09-16 23:53 118,873 --a------ C:\FileSystem_Stdio.dll

2008-07-10 18:13 . 2004-06-29 14:12 90,112 --a------ C:\DemoPlayer.dll

2008-07-10 18:13 . 2004-06-29 14:12 69,632 --a------ C:\dbg.dll

2008-07-10 18:13 . 2004-08-13 13:54 63 --a------ C:\language.inf

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-08 18:14 . 2008-07-17 16:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-08 18:14 . 2008-07-08 18:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-05 13:37 . 2008-07-05 13:37

2008-07-02 12:18 . 2008-07-02 12:18

2008-06-29 08:33 . 2008-06-29 08:33

2008-06-27 08:49 . 2008-06-27 08:49

2008-06-27 08:18 . 2003-06-18 16:48 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-06-27 08:18 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS

2008-06-25 17:10 . 2008-06-25 17:10

2008-06-24 07:21 . 2008-07-07 09:51 917 --a------ C:\WINDOWS\GTA-SA_Trn_Settings.ini

2008-06-17 16:34 . 2008-06-17 16:34

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-17 14:53 --------- d-----w C:\Program Files\Crawler

2008-07-17 13:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-07-16 19:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-07-16 12:43 --------- d-----w C:\Documents and Settings\paweł\Dane aplikacji\MegauploadToolbar

2008-07-12 06:11 --------- d-----w C:\Program Files\Valve

2008-07-11 17:22 --------- d-----w C:\Program Files\Warcraft III

2008-07-11 05:15 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\Skype

2008-07-11 05:15 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\Hamachi

2008-07-08 07:19 --------- d-----w C:\Program Files\Opera

2008-07-06 18:36 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\MEGAUPLOADTOOLBAR

2008-07-05 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-04 19:23 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-02 10:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-27 06:24 --------- d-----w C:\Program Files\VIA

2008-06-27 05:50 --------- d-----w C:\Program Files\D-Tools

2008-06-27 05:06 --------- d-----w C:\Documents and Settings\jacek\Dane aplikacji\Image Zone Express

2008-06-26 19:58 --------- d-----w C:\Program Files\MegauploadToolbar

2008-06-25 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-06-25 15:10 92,728 ----a-w C:\WINDOWS\system32\bass.dll

2008-06-25 12:05 --------- d-----w C:\Documents and Settings\paweł\Dane aplikacji\Hamachi

2008-06-24 12:30 --------- d-----w C:\Program Files\warrock

2008-06-24 10:52 --------- d-----w C:\Program Files\Picasa2

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 14:15 --------- d-----w C:\Documents and Settings\paweł\Dane aplikacji\Tibia

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 19:25 --------- d-----w C:\Program Files\PhotoScape

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-09 13:38 --------- d-----w C:\Program Files\RonOTS Client

2008-06-03 04:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-06-03 04:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-05-31 11:29 --------- d-----w C:\Program Files\ArtMoney

2008-05-30 20:09 --------- d-----w C:\Program Files\Tibia4

2008-05-30 07:58 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-05-29 03:54 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys

2008-05-25 16:09 --------- d-----w C:\Documents and Settings\jacek\Dane aplikacji\Tibia

2008-05-25 11:11 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe

2008-05-25 11:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-05-25 11:11 22,328 ----a-w C:\Documents and Settings\paweł\Dane aplikacji\PnkBstrK.sys

2008-05-25 09:55 --------- d-----w C:\Program Files\Tibia2

2008-05-24 14:12 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-05-24 07:18 --------- d-----w C:\Program Files\No-IP

2008-05-22 11:31 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\Tibia

2008-05-20 03:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-05 10:30 64,194 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-05-05 10:30 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-05 10:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-04-26 16:36 5,269,832 ----a-w C:\Firefox Setup 1.5.0.12.exe

2008-04-23 20:05 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-26 13:07 81,920 ----a-w C:\Documents and Settings\paweł\Dane aplikacji\ezpinst.exe

2008-03-26 13:07 47,360 ----a-w C:\Documents and Settings\paweł\Dane aplikacji\pcouffin.sys

2008-01-31 19:00 2,509,056 ----a-w C:\WINDOWS\inf\isprnt.exe

2007-11-28 07:23 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT

2007-06-24 09:42 81,920 ----a-w C:\Documents and Settings\ada\Dane aplikacji\ezpinst.exe

2007-06-24 09:42 47,360 ----a-w C:\Documents and Settings\ada\Dane aplikacji\pcouffin.sys

2006-06-02 11:15 577,536 ----a-w C:\Program Files\stupdaterapp.exe

2006-06-02 11:14 258,048 ----a-w C:\Program Files\stmpres.dll

2006-01-27 12:30 12,785,363 ----a-w C:\Program Files\resource.bin

.



----a-w 1,560,576 2008-03-19 11:22:53 C:\Documents and Settings\paweł\Pulpit\M2 MULTIHACK 1.83 (beta) .exe


------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 14:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DTemp"="C:\SysPrep\Test\DTemp\DTemp.exe" [N/A]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 05:20 20480]

"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-31 12:10 185896]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"No-IP Client 1.42"="C:\Program Files\No-IP Client\noipclient.exe" [N/A]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"hosted"="C:\Windows\system32\hosted.exe" [N/A]

"!xSpeed"="C:!xSpeedPro!xSpeedPro.exe" [N/A]

"diagnostic"="C:\Windows\system32\diagnostic.exe" [N/A]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41 282624]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [N/A]

"SMrhcat1j0e3br"="C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe" [N/A]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\ada\Menu Start\Programy\Autostart\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-01-13 14:14:40 624416]

Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 19:13:10 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\WINDOWS\system32\PnkBstrA.exe"=

"C:\WINDOWS\system32\PnkBstrB.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Opera\Opera.exe"=

"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Polish\setup.exe"=

"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"=

"C:\Program Files\Warcraft III\Frozen Throne.exe"=

"C:\Program Files\32BITFTP\32bitftp.exe"=

"C:\Program Files\BYOND\bin\byond.exe"=

"C:\Program Files\Valve\cs\hl.exe"=

"C:\Program Files\Warcraft III\Warcraft III.exe"=

"C:\Metin2_PLwwwwwwwww\metin2.bin"=

"C:\Program Files\Codemasters\Worms 4 Mayhem\Worms 4 Mayhem.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16302:TCP"= 16302:TCP:BitComet 16302 TCP

"16302:UDP"= 16302:UDP:BitComet 16302 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11:39]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-29 05:54]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:40]

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Właściciel\Pulpit\EVEREST 2006\kerneld.wnt []

S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys []

S3 pmxdrv;pmxdrv;C:\WINDOWS\system32\drivers\pmxdrv.sys []

S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys []

S3 XDva121;XDva121;C:\WINDOWS\system32\XDva121.sys []

.

Contents of the 'Scheduled Tasks' folder

"2008-07-13 16:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

  • C:\Program Files\Norton Security Scan\Nss.exe

.

  • ORPHANS REMOVED - - - -

Toolbar-{3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - C:\WINDOWS\qndsfmao.dll

SSODL-kvxqmtre-{C0DE8CD2-3A0D-41CD-86EB-847639869BEB} - C:\WINDOWS\kvxqmtre.dll

SSODL-evgratsm-{97D73E37-D58A-466F-94AD-23938E0BA317} - C:\WINDOWS\evgratsm.dll

Logfile of HijackThis v1.99.1

Scan saved at 17:08, on 2008-07-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Crawler\CToolbar.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\jacek\USTAWI~1\Temp\Rar$EX00.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: qndsfmao - {3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - C:\WINDOWS\qndsfmao.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [DTemp] C:\SysPrep\Test\DTemp\DTemp.exe

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM..\Run: [VTTimer] VTTimer.exe

O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [No-IP Client 1.42] C:\Program Files\No-IP Client\noipclient.exe

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [hosted] C:\Windows\system32\hosted.exe

O4 - HKLM..\Run: [!xSpeed] C:!xSpeedPro!xSpeedPro.exe reg

O4 - HKLM..\Run: [diagnostic] C:\Windows\system32\diagnostic.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM..\Run: [sMrhcat1j0e3br] C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8922579046

O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_20.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: kvxqmtre - {C0DE8CD2-3A0D-41CD-86EB-847639869BEB} - C:\WINDOWS\kvxqmtre.dll (file missing)

O21 - SSODL: evgratsm - {97D73E37-D58A-466F-94AD-23938E0BA317} - C:\WINDOWS\evgratsm.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Documents and Settings\Właściciel\Pulpit\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


(Leon$) #5

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

The removal should start

Then post the ComboFix removal log

:slight_smile:


(L Kaska1) #6

ComboFix 08-07-15.4 - jacek 2008-07-17 20:34:34.7 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.475 [GMT 2:00]

Running from: C:\Documents and Settings\jacek\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\jacek\Pulpit\CFScript.txt

* Created a new restore point

FILE ::

C:\WINDOWS\system32\13.tmp

C:\WINDOWS\system32\14.tmp

C:\WINDOWS\system32\1A.tmp

C:\WINDOWS\system32\366.tmp

C:\WINDOWS\system32\367.tmp

C:\WINDOWS\system32\368.tmp

C:\WINDOWS\system32\36B.tmp

C:\WINDOWS\system32\36C.tmp

C:\WINDOWS\system32\36D.tmp

C:\WINDOWS\system32\36E.tmp

C:\WINDOWS\system32\36F.tmp

C:\WINDOWS\system32\371.tmp

C:\WINDOWS\system32\389.tmp

C:\WINDOWS\system32\3A2.tmp

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\13.tmp

C:\WINDOWS\system32\14.tmp

C:\WINDOWS\system32\1A.tmp

C:\WINDOWS\system32\366.tmp

C:\WINDOWS\system32\367.tmp

C:\WINDOWS\system32\368.tmp

C:\WINDOWS\system32\36B.tmp

C:\WINDOWS\system32\36C.tmp

C:\WINDOWS\system32\36D.tmp

C:\WINDOWS\system32\36E.tmp

C:\WINDOWS\system32\36F.tmp

C:\WINDOWS\system32\371.tmp

C:\WINDOWS\system32\389.tmp

C:\WINDOWS\system32\3A2.tmp

.

---- Previous Run -------

.

C:\Documents and Settings\Administrator\Dane aplikacji\rhcat1j0e3br

C:\Documents and Settings\jacek\Dane aplikacji\rhcat1j0e3br

C:\Documents and Settings\paweł\Dane aplikacji\rhcat1j0e3br

C:\hl.exe

C:\kmd.exe

C:\Program Files\rhcat1j0e3br

C:\Program Files\rhcat1j0e3br\database.dat

C:\Program Files\rhcat1j0e3br\license.txt

C:\Program Files\rhcat1j0e3br\MFC71.dll

C:\Program Files\rhcat1j0e3br\MFC71ENU.DLL

C:\Program Files\rhcat1j0e3br\msvcp71.dll

C:\Program Files\rhcat1j0e3br\msvcr71.dll

C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe

C:\Program Files\rhcat1j0e3br\rhcat1j0e3br.exe.local

C:\Program Files\rhcat1j0e3br\Uninstall.exe

C:\WINDOWS\evwd.exe

C:\WINDOWS\system32\blphcet1j0e3br.scr

C:\WINDOWS\system32\D.tmp

C:\WINDOWS\system32\kmd.exe

C:\WINDOWS\system32\lphcet1j0e3br.exe

C:\WINDOWS\system32\phcet1j0e3br.bmp

C:\WINDOWS\system32\pphcet1j0e3br.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_EVERESTDRIVER

-------\Legacy_MTK

-------\Legacy_XDVA092

-------\Legacy_XDVA121

-------\Service_EverestDriver

-------\Service_MTK

-------\Service_pmxdrv

-------\Service_XDva092

-------\Service_XDva121

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))

.


(Leon$) #7

that is not the whole log; if you can't find it, run ComboFix by double-clicking it and post the resulting log

:slight_smile:


(L Kaska1) #8

I hope it's complete now!

Thanks!!!

ComboFix 08-07-15.4 - jacek 2008-07-18 15:59:44.9 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.454 [GMT 2:00]

Running from: C:\Documents and Settings\jacek\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\jacek\Pulpit\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))

.

2008-07-16 20:15 . 2008-07-16 20:15

2008-07-16 20:15 . 2008-07-16 20:15 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-16 19:56 . 2008-07-16 19:56

2008-07-16 19:37 . 2008-07-16 19:37

2008-07-16 19:37 . 2008-07-16 19:37

2008-07-16 11:19 . 2008-07-16 11:19

2008-07-15 15:08 . 2008-07-15 15:08

2008-07-15 15:08 . 2008-07-15 15:08

2008-07-14 15:42 . 2008-07-14 15:42 2,420 --a------ C:\language.PNF

2008-07-11 19:51 . 2008-07-18 09:34

2008-07-10 18:13 . 2008-07-10 18:13

2008-07-10 18:13 . 2005-06-08 10:36 397,312 --a------ C:\hlds.exe

2008-07-10 18:13 . 2006-10-27 08:49 229,376 --a------ C:\Core.dll

2008-07-10 18:13 . 2004-06-29 14:12 221,184 --a------ C:\hltv.exe

2008-07-10 18:13 . 2004-08-13 13:53 211,456 --a------ C:\a3dapi.dll

2008-07-10 18:13 . 2005-06-08 10:36 122,980 --a------ C:\FileSystem_Steam.dll

2008-07-10 18:13 . 2005-09-16 23:53 118,873 --a------ C:\FileSystem_Stdio.dll

2008-07-10 18:13 . 2004-06-29 14:12 90,112 --a------ C:\DemoPlayer.dll

2008-07-10 18:13 . 2004-06-29 14:12 69,632 --a------ C:\dbg.dll

2008-07-10 18:13 . 2004-08-13 13:54 63 --a------ C:\language.inf

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-10 18:12 . 2008-07-10 18:13

2008-07-08 18:14 . 2008-07-17 16:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-08 18:14 . 2008-07-08 18:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-05 13:37 . 2008-07-05 13:37

2008-07-02 12:18 . 2008-07-02 12:18

2008-06-29 08:33 . 2008-06-29 08:33

2008-06-27 08:49 . 2008-06-27 08:49

2008-06-27 08:18 . 2003-06-18 16:48 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-06-27 08:18 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS

2008-06-25 17:10 . 2008-06-25 17:10

2008-06-24 07:21 . 2008-07-07 09:51 917 --a------ C:\WINDOWS\GTA-SA_Trn_Settings.ini

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-18 13:53 --------- d-----w C:\Program Files\Crawler

2008-07-18 13:07 --------- d-----w C:\Program Files\warrock

2008-07-18 11:31 --------- d-----w C:\Documents and Settings\paweł\Dane aplikacji\MegauploadToolbar

2008-07-17 18:06 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\Skype

2008-07-17 18:05 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\Hamachi

2008-07-17 13:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2008-07-16 19:18 --------- d-----w C:\Program Files\Spybot - Search Destroy

2008-07-12 06:11 --------- d-----w C:\Program Files\Valve

2008-07-11 17:22 --------- d-----w C:\Program Files\Warcraft III

2008-07-08 07:19 --------- d-----w C:\Program Files\Opera

2008-07-06 18:36 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\MEGAUPLOADTOOLBAR

2008-07-05 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-04 19:23 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-02 10:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-27 06:24 --------- d-----w C:\Program Files\VIA

2008-06-27 05:50 --------- d-----w C:\Program Files\D-Tools

2008-06-27 05:06 --------- d-----w C:\Documents and Settings\jacek\Dane aplikacji\Image Zone Express

2008-06-26 19:58 --------- d-----w C:\Program Files\MegauploadToolbar

2008-06-25 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-06-25 15:10 92,728 ----a-w C:\WINDOWS\system32\bass.dll

2008-06-25 12:05 --------- d-----w C:\Documents and Settings\paweł\Dane aplikacji\Hamachi

2008-06-24 10:52 --------- d-----w C:\Program Files\Picasa2

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 14:15 --------- d-----w C:\Documents and Settings\paweł\Dane aplikacji\Tibia

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 19:25 --------- d-----w C:\Program Files\PhotoScape

2008-06-17 14:34 --------- d-----w C:\Program Files\Pointstone

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-09 13:38 --------- d-----w C:\Program Files\RonOTS Client

2008-06-03 04:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-06-03 04:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-05-31 11:29 --------- d-----w C:\Program Files\ArtMoney

2008-05-30 20:09 --------- d-----w C:\Program Files\Tibia4

2008-05-30 07:58 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-05-29 03:54 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys

2008-05-25 16:09 --------- d-----w C:\Documents and Settings\jacek\Dane aplikacji\Tibia

2008-05-25 11:11 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe

2008-05-25 11:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-05-25 11:11 22,328 ----a-w C:\Documents and Settings\paweł\Dane aplikacji\PnkBstrK.sys

2008-05-25 09:55 --------- d-----w C:\Program Files\Tibia2

2008-05-24 14:12 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-05-24 07:18 --------- d-----w C:\Program Files\No-IP

2008-05-22 11:31 --------- d-----w C:\Documents and Settings\ada\Dane aplikacji\Tibia

2008-05-20 03:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-05 10:30 64,194 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-05-05 10:30 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-05 10:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-04-26 16:36 5,269,832 ----a-w C:\Firefox Setup 1.5.0.12.exe

2008-04-23 20:05 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-26 13:07 81,920 ----a-w C:\Documents and Settings\paweł\Dane aplikacji\ezpinst.exe

2008-03-26 13:07 47,360 ----a-w C:\Documents and Settings\paweł\Dane aplikacji\pcouffin.sys

2008-01-31 19:00 2,509,056 ----a-w C:\WINDOWS\inf\isprnt.exe

2007-11-28 07:23 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT

2007-06-24 09:42 81,920 ----a-w C:\Documents and Settings\ada\Dane aplikacji\ezpinst.exe

2007-06-24 09:42 47,360 ----a-w C:\Documents and Settings\ada\Dane aplikacji\pcouffin.sys

2006-06-02 11:15 577,536 ----a-w C:\Program Files\stupdaterapp.exe

2006-06-02 11:14 258,048 ----a-w C:\Program Files\stmpres.dll

2006-01-27 12:30 12,785,363 ----a-w C:\Program Files\resource.bin

.



----a-w 1,560,576 2008-03-19 11:22:53 C:\Documents and Settings\paweł\Pulpit\M2 MULTIHACK 1.83 (beta) .exe


------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 14:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 05:20 20480]

"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-31 12:10 185896]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41 282624]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [N/A]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\ada\Menu Start\Programy\Autostart\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-01-13 14:14:40 624416]

Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 19:13:10 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\WINDOWS\system32\PnkBstrA.exe"=

"C:\WINDOWS\system32\PnkBstrB.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Opera\Opera.exe"=

"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Polish\setup.exe"=

"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"=

"C:\Program Files\Warcraft III\Frozen Throne.exe"=

"C:\Program Files\32BITFTP\32bitftp.exe"=

"C:\Program Files\BYOND\bin\byond.exe"=

"C:\Program Files\Valve\cs\hl.exe"=

"C:\Program Files\Warcraft III\Warcraft III.exe"=

"C:\Metin2_PLwwwwwwwww\metin2.bin"=

"C:\Program Files\Codemasters\Worms 4 Mayhem\Worms 4 Mayhem.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16302:TCP"= 16302:TCP:BitComet 16302 TCP

"16302:UDP"= 16302:UDP:BitComet 16302 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11:39]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-29 05:54]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:40]

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]

.

Contents of the 'Scheduled Tasks' folder

"2008-07-13 16:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

  • C:\Program Files\Norton Security Scan\Nss.exe

.

  • ORPHANS REMOVED - - - -

Toolbar-{3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - C:\WINDOWS\qndsfmao.dll

SSODL-kvxqmtre-{C0DE8CD2-3A0D-41CD-86EB-847639869BEB} - C:\WINDOWS\kvxqmtre.dll

SSODL-evgratsm-{97D73E37-D58A-466F-94AD-23938E0BA317} - C:\WINDOWS\evgratsm.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-18 16:00:41

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

  • C:\WINDOWS\TRAYHOOK.dll

PROCESS: C:\WINDOWS\explorer.exe

  • C:\WINDOWS\TRAYHOOK.dll

.

Completion time: 2008-07-18 16:02:31

ComboFix-quarantined-files.txt 2008-07-18 14:02:01

Pre-Run: 212,081,594,368 bajtów wolnych

Post-Run: 212,067,807,232 bajtów wolnych

206 --- E O F --- 2008-07-12 04:29:01


(huber2t) #9

The log looks clean

manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimize the startup entries

Turn System Restore off and on again on all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum

or

Dr.WEB CureIt!