Slow computer/Internet. HiJackThis log

Here is the log:

Maybe it's just my impression, but if anyone would like to bump their post count and, while at it, tell me whether everything is in order, I would be grateful. Regards

Clean.

Post a log from -----> ComboFix (further down on the linked page).

================

K.

ComboFix 08-10-18.03 - ppp 2008-10-19 19:46:50.1 - NTFSx86

Uruchomiony z: C:\Users\ppp\Desktop\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\History\search

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-19 do 2008-10-19 )))))))))))))))))))))))))))))))

.

2008-10-18 10:26 . 2008-10-18 10:26 0 --a------ C:\Windows\System32\msexcr.ini

2008-10-17 21:51 . 2008-10-17 21:51 0 -ra------ C:\logwmemory.bin

2008-10-17 21:50 . 2008-10-17 21:50

2008-10-17 21:50 . 2008-10-17 21:50

2008-10-17 21:43 . 2008-10-17 21:48

2008-10-17 17:49 . 2008-10-17 17:49

2008-10-17 17:49 . 2008-10-17 17:49

2008-10-17 17:49 . 2008-10-17 17:49

2008-10-16 21:53 . 2008-10-16 21:53

2008-10-16 17:53 . 2008-10-16 17:53

2008-10-16 17:52 . 2008-10-16 17:52

2008-10-14 19:06 . 2008-10-14 19:06 98,304 --a------ C:\Windows\System32\CmdLineExt.dll

2008-10-14 19:01 . 2008-10-14 19:01

2008-10-10 17:08 . 2008-10-10 17:08 106,496 --a------ C:\Windows\DIIUnin.exe

2008-10-10 17:08 . 2008-10-10 17:18 26,076 --a------ C:\Windows\DIIUnin.dat

2008-10-10 17:08 . 2008-10-10 17:08 2,829 --a------ C:\Windows\DIIUnin.pif

2008-10-01 22:32 . 2008-10-01 22:32

2008-09-30 22:15 . 2008-09-30 22:15

2008-09-30 21:49 . 2008-09-30 21:49 394 --a------ C:\Windows\capture.ini

2008-09-30 21:21 . 2008-10-16 21:54

2008-09-30 21:14 . 2008-09-30 21:14

2008-09-30 21:14 . 2008-09-30 21:14

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 21:09

2008-09-30 21:09 . 2008-09-30 22:15 2,516 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-09-30 13:54 . 2008-09-30 13:55

2008-09-24 12:00 . 2008-09-24 12:00

2008-09-24 11:59 . 2008-10-19 00:51

2008-09-21 22:38 . 2008-09-21 22:38

2008-09-21 21:51 . 2004-08-18 03:34 442,368 --a------ C:\Windows\System32\vp6vfw.dll

2008-09-21 21:47 . 2008-09-21 21:48

2008-09-21 21:47 . 2008-07-28 17:19 116,736 --a------ C:\Windows\System32\drivers\mcdbus.sys

2008-09-21 21:09 . 2008-09-21 21:33

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-19 16:30 --------- d-----w C:\Users\ppp\AppData\Roaming\Azureus

2008-10-18 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-15 06:28 --------- d-----w C:\Program Files\Windows Mail

2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-09-30 19:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-22 19:57 --------- d-----w C:\Users\ppp\AppData\Roaming\Skype

2008-09-22 17:58 --------- d-----w C:\Users\ppp\AppData\Roaming\skypePM

2008-09-20 20:49 --------- d-----w C:\Program Files\IP Monitor

2008-09-19 16:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-19 15:41 --------- d-----w C:\Users\ppp\AppData\Roaming\OpenOffice.org2

2008-09-18 07:59 --------- d-----w C:\ProgramData\Avery

2008-09-18 07:29 --------- d-----w C:\Users\ppp\AppData\Roaming\mojosoft

2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys

2008-09-17 10:54 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll

2008-09-15 20:35 --------- d-----w C:\ProgramData\Skype

2008-09-15 20:35 --------- d-----w C:\Program Files\Skype

2008-09-15 20:35 --------- d-----w C:\Program Files\Common Files\Skype

2008-09-11 15:45 --------- d-----w C:\Users\ppp\AppData\Roaming\SPORE

2008-08-30 17:48 --------- d-----w C:\Users\ppp\AppData\Roaming\Tibia

2008-08-30 11:39 --------- d-----w C:\Users\ppp\AppData\Roaming\WNR

2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys

2008-08-24 08:20 --------- d-----w C:\Program Files\BearShare Applications

2008-08-24 08:20 --------- d-----w C:\Program Files\BearShare

2008-08-21 19:47 21,840 ----a-w C:\Windows\System32\SIntfNT.dll

2008-08-21 19:47 17,212 ----a-w C:\Windows\System32\SIntf32.dll

2008-08-21 19:47 12,067 ----a-w C:\Windows\System32\SIntf16.dll

2008-08-21 11:37 --------- d-----w C:\Program Files\Hotspot Shield

2008-08-15 18:32 253,696 ----a-w C:\Windows\hppunin.exe

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll

2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll

2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll

2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll

2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-06-19 07:58 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-01-19 1233920]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2008-01-19 125952]

“DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-07-24 490952]

“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-06-16 221184]

“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“TBPanel”=“C:\Program Files\VDOTool\TBPanel.exe” [2008-01-29 2157096]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]

“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2008-01-08 86016]

“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2008-01-08 8530464]

“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2008-01-08 81920]

“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-18 266497]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2008-06-12 34672]

“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-06-16 81920]

“CorelDRAW Graphics Suite 11b”=“C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe” [2004-06-23 733184]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-09-19 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableUIADesktopToggle”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“TCP Query User{6D7D31DB-896D-44E6-BF0C-35CABCCBCA14}C:\program files\flashget\flashget.exe”= UDP:C:\program files\flashget\flashget.exe:FlashGet

“UDP Query User{43424A8B-CC32-4E6E-9C78-DFDCD7C9DC6F}C:\program files\flashget\flashget.exe”= TCP:C:\program files\flashget\flashget.exe:FlashGet

“TCP Query User{1253C18D-9FD8-4A87-A5C5-8308F1899D9F}C:\program files\gadu-gadu\gg.exe”= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

“UDP Query User{9CD125E2-198F-4ACC-8EFA-A5F8471F9EB5}C:\program files\gadu-gadu\gg.exe”= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

“TCP Query User{656A1623-9D14-451C-94FF-515D64911A3A}D:\wonderland online\main.exe”= UDP:D:\wonderland online\main.exe:Main

“UDP Query User{1F3FC144-17C8-4CBF-9F31-E6F551FC2767}D:\wonderland online\main.exe”= TCP:D:\wonderland online\main.exe:Main

“TCP Query User{CB2157E7-110A-4693-B2D1-2D7C7CEC2D69}C:\program files\internet explorer\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

“UDP Query User{FE52C241-D155-4357-B5D5-AF220DE88A38}C:\program files\internet explorer\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

“TCP Query User{50D69129-7B2A-460E-A9F8-904325F4C1FB}C:\wonderland online\main.exe”= UDP:C:\wonderland online\main.exe:Main

“UDP Query User{5A00AAB6-506A-48C8-9EFD-E93FE6123206}C:\wonderland online\main.exe”= TCP:C:\wonderland online\main.exe:Main

“TCP Query User{3D5EB8AA-A625-4D42-B10B-234F8974C457}C:\program files\bearshare\bearshare.exe”= UDP:C:\program files\bearshare\bearshare.exe:BearShare

“UDP Query User{4EE008BC-D006-430F-80E5-33DB67D2DF28}C:\program files\bearshare\bearshare.exe”= TCP:C:\program files\bearshare\bearshare.exe:BearShare

“TCP Query User{C5B02B6E-E1A7-4257-98AC-FD343DBA741D}C:\program files\bearshare applications\bearshare\bearshare.exe”= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

“UDP Query User{59ECF281-43DB-4F1C-BAA0-B5379959AE79}C:\program files\bearshare applications\bearshare\bearshare.exe”= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

“TCP Query User{B68BAD81-E747-4366-A5F4-953E5F15B201}C:\program files\mozilla firefox\firefox.exe”= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

“UDP Query User{4803DE8E-FC4A-4981-B44F-A2CBC8D5CE31}C:\program files\mozilla firefox\firefox.exe”= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

“TCP Query User{732AEF0E-9533-4FBA-BE42-C56D2413DA14}D:\bb\game.exe”= UDP:D:\bb\game.exe:BBTanks Launcher

“UDP Query User{7F23B0D5-D706-4223-92FC-CACC988A5660}D:\bb\game.exe”= TCP:D:\bb\game.exe:BBTanks Launcher

“TCP Query User{61D3A4C1-1902-469D-9205-071A8A9F5E7E}C:\downloads\bots_downloader_us_6-13-2008.exe”= UDP:C:\downloads\bots_downloader_us_6-13-2008.exe:BOTS_downloader_us_6-13-2008

“UDP Query User{1105446E-8F91-4F1A-9C02-63E3D96B03AE}C:\downloads\bots_downloader_us_6-13-2008.exe”= TCP:C:\downloads\bots_downloader_us_6-13-2008.exe:BOTS_downloader_us_6-13-2008

“TCP Query User{A62C8519-71D4-4DE5-AE36-EAA2DED712E4}D:\bots\bots.dat”= UDP:D:\bots\bots.dat:Bout_d

“UDP Query User{BFD9276F-A423-4A83-9558-5E9B82338497}D:\bots\bots.dat”= TCP:D:\bots\bots.dat:Bout_d

“TCP Query User{B6CB7BCF-C780-4EF3-99FE-E8E69703B2D6}C:\downloads\2moons_downloader_us_6-19-2008.exe”= UDP:C:\downloads\2moons_downloader_us_6-19-2008.exe:2moons_downloader_us_6-19-2008

“UDP Query User{0A058FD0-BD6D-4950-8B3A-618744A0ECA6}C:\downloads\2moons_downloader_us_6-19-2008.exe”= TCP:C:\downloads\2moons_downloader_us_6-19-2008.exe:2moons_downloader_us_6-19-2008

“TCP Query User{A7EFF518-5B1D-432F-A6CF-09B143987896}D:\goa\gunbound\gunbound.gme”= UDP:D:\goa\gunbound\gunbound.gme:GunBound

“UDP Query User{F91A2E20-1716-4DC4-86C9-F8760956F2D1}D:\goa\gunbound\gunbound.gme”= TCP:D:\goa\gunbound\gunbound.gme:GunBound

“TCP Query User{E7574C17-7660-4DFD-9C88-A3380D3D1D54}D:\freestylers crew\fgunz\theduel.exe”= UDP:D:\freestylers crew\fgunz\theduel.exe:Freestyle GunZ

“UDP Query User{2175933A-B6AA-4AE9-8166-54BAAE50183E}D:\freestylers crew\fgunz\theduel.exe”= TCP:D:\freestylers crew\fgunz\theduel.exe:Freestyle GunZ

“TCP Query User{3414EB0A-8B67-4B16-B1F1-ADF391883D20}D:\windslayer\windslayer.exe”= UDP:D:\windslayer\windslayer.exe:WindSlayer

“UDP Query User{4B2863C2-5695-4B4B-9CA3-CB79C6DBF5FA}D:\windslayer\windslayer.exe”= TCP:D:\windslayer\windslayer.exe:WindSlayer

“TCP Query User{7176C0F3-B7DB-4C10-9989-5327F837C611}C:\windows\system32\java.exe”= UDP:C:\windows\system32\java.exe:Java Platform SE binary

“UDP Query User{8F44DDB7-A83E-4C57-AC75-A294AEC0A76C}C:\windows\system32\java.exe”= TCP:C:\windows\system32\java.exe:Java Platform SE binary

“TCP Query User{6654963B-686C-4EEE-B70D-47802E405B6D}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe”= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server

“UDP Query User{0640F3EE-B59A-4323-85EA-F1051483068E}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe”= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server

“TCP Query User{DF6E2596-AD6B-416E-B20D-CE32A221DC76}C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe”= UDP:C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe:lf2.5

“UDP Query User{63017F66-1EFF-40F2-9D42-8D0DCB02E008}C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe”= TCP:C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe:lf2.5

“TCP Query User{DA8C1517-40C7-4D71-A2B0-150D84B2F5AF}C:\program files\vuze\azureus.exe”= UDP:C:\program files\vuze\azureus.exe:Azureus

“UDP Query User{F207561F-1D63-4CCB-AD8B-FCC975645565}C:\program files\vuze\azureus.exe”= TCP:C:\program files\vuze\azureus.exe:Azureus

“TCP Query User{37C22091-ECB7-4BFE-9A36-9C2508F8B8DA}D:\neverwinternights\nwn\nwmain.exe”= UDP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights

“UDP Query User{8E7BAD26-6893-41D5-96DA-1A5F42646A85}D:\neverwinternights\nwn\nwmain.exe”= TCP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights

“TCP Query User{C07095D9-99B3-4AC2-B270-D061A9A76ED2}C:\users\ppp\documents\god\god.exe”= UDP:C:\users\ppp\documents\god\god.exe:god.exe

“UDP Query User{0550145D-B30D-4A0E-ADCC-8B0B08F2E669}C:\users\ppp\documents\god\god.exe”= TCP:C:\users\ppp\documents\god\god.exe:god.exe

“TCP Query User{B7BFD13F-D061-439A-8413-5DB816F16B8C}D:\sacred underworld\gameserver.exe”= UDP:D:\sacred underworld\gameserver.exe:Sacred Gameserver

“UDP Query User{14EBD64F-CC7E-4A86-A881-993337DFA909}D:\sacred underworld\gameserver.exe”= TCP:D:\sacred underworld\gameserver.exe:Sacred Gameserver

“TCP Query User{9B6FF8E1-3582-4476-A464-FFC536A018B5}C:\users\ppp\desktop\mwodownloader.exe”= UDP:C:\users\ppp\desktop\mwodownloader.exe:mwodownloader.exe

“UDP Query User{32CA7484-63D7-44AB-9426-21CE4C94D335}C:\users\ppp\desktop\mwodownloader.exe”= TCP:C:\users\ppp\desktop\mwodownloader.exe:mwodownloader.exe

“TCP Query User{2AF212DF-4FEC-4E8B-B52C-7AB9555D4120}D:\sierra\arcanum\arcanum (2).exe”= UDP:D:\sierra\arcanum\arcanum (2).exe:Arcanum

“UDP Query User{AED7B6CC-F76F-4894-B844-EA2DDB379835}D:\sierra\arcanum\arcanum (2).exe”= TCP:D:\sierra\arcanum\arcanum (2).exe:Arcanum

“{7EC9F35C-FDA7-4669-9E2A-9DD17D38E079}”= C:\Program Files\Skype\Phone\Skype.exe:Skype

“TCP Query User{63EB4690-8963-4DF4-A98C-4E46AFC3D289}C:\program files\vuze\azureus.exe”= UDP:C:\program files\vuze\azureus.exe:Azureus

“UDP Query User{03560833-3220-4A92-8382-053A4AB4D4E0}C:\program files\vuze\azureus.exe”= TCP:C:\program files\vuze\azureus.exe:Azureus

“{62C5CCF0-83C8-4EAE-9BDB-139FDC0BB8D5}”= UDP:C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:Proxy Switcher

“{B88FE933-1083-43FC-B52E-81942211E7CD}”= TCP:C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:Proxy Switcher

“{BDC9B4A5-60B0-4B5A-8E56-F46024970A27}”= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

“{636E75CD-57A0-44FA-9463-31CE3923A733}”= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

“TCP Query User{30B77B6A-6523-4EE5-AE51-7F2742F4BB4F}C:\program files\utorrent\utorrent.exe”= UDP:C:\program files\utorrent\utorrent.exe:µTorrent

“UDP Query User{B2C9AB0E-989E-47CE-AB28-32BC7752B3BA}C:\program files\utorrent\utorrent.exe”= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

“TCP Query User{4AB85619-BCA3-4D71-83AB-CE2822BC6543}C:\soldat\soldat.exe”= UDP:C:\soldat\soldat.exe:Soldat

“UDP Query User{D77765B3-1041-424A-89C1-560350F4BED0}C:\soldat\soldat.exe”= TCP:C:\soldat\soldat.exe:Soldat

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

“DoNotAllowExceptions”= 0 (0x0)

R3 lredbooo;lredbooo;C:\Users\ppp\AppData\Local\Temp\lredbooo.sys []

R3 XDva189;XDva189;C:\Windows\system32\XDva189.sys []

R3 XDva193;XDva193;C:\Windows\system32\XDva193.sys []

S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\System32\drivers\sfsync03.sys [2005-10-13 15:46]

S3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7f96a13c-6c67-11dd-be3b-001d7dc7ba6f}]

\shell\AutoRun\command - F:_AUTORUN\AUTORUN.EXE

\shell\readme\command - notepad czytajto.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{85115ce6-86e9-11dd-b200-000999123456}]

\shell\AutoRun\command - G:\LRSplash.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Zawartość folderu ‘Zaplanowane zadania’

2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{82748A27-BAE4-4996-B3BC-821D02800214}.job

  • C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

.

        • USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe

HKLM-Run-Emurayden PSX Emulator - (no file)

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\2n3ounsw.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/pl/

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-19 19:49:29

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

**************************************************************************

.

Czas ukończenia: 2008-10-19 19:51:39

ComboFix-quarantined-files.txt 2008-10-19 17:50:37

Przed: 12 633 612 288 bajtów wolnych

Po: 12,451,184,640 bajtów wolnych

227 — E O F — 2008-10-15 06:22:56

Paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.

Paste the log at www.wklejto.pl or http://www.wklej.org/ and put the link in your post.

I did what you said, after which the computer rebooted and an error popped up: "Corrupted registry file". Fortunately I had a Vista disc and managed to fix the problem -.-''. Please don't give me such risky methods, because I "still" need the computer.

The entries I listed for removal are, in my opinion, correct. We did not remove any registry file.

I don't doubt it, but I didn't make this up ;p.

You have 64-bit Vista. Unfortunately, ComboFix can cause errors on this system; I didn't notice that earlier?

To make sure nothing is still left:

Turn System Restore off and back on for all drives

Clean the system and the registry with CCleaner

Scan the My Computer area with Kaspersky Online Scanner. Run it under IE and post the report on the forum

or Dr.WEB CureIt!