Sysguard.exe


(Zeariel) #1

Hi,

This virus got me. ESET doesn't detect anything, the computer is already running slower, some pop-up windows keep appearing - a disaster. How do I deal with it?

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:34:10, on 2009-07-06

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\windows\system32\RUNDLL32.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\smgr32.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\windows\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\TightVNC-Jaadu\WinVNC.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\windows\RTHDCPL.EXE

c:\windows\ld12.exe

C:\windows\system32\svchost.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: ::1 localhost

O1 - Hosts: 209.44.111.62 surety.microsoft.com

O1 - Hosts: 209.44.111.62 aware-protect.com

O1 - Hosts: 209.44.111.62 www.aware-protect.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\windows\system32\iehelper.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [RGSC] D:\GTA\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [LowRiskFileTypes] C:\windows\sysguard.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: smgr32.exe

O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utw?z Ulubione dla urz?dzenia przeno?ego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219083104828

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC-Jaadu\WinVNC.exe


--

End of file - 13647 bytes

ComboFix log:

ComboFix 09-07-05.01 - Maciek 2009-07-06 3:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.986 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Maciek\Pulpit\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

* Rezydentny antywirus jest aktywny



UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\Maciek\Ustawienia lokalne\Temporary Internet Files\PLauncher.exe

c:\windows\010112010146118114.dat

c:\windows\0101120101464849.dat

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\Downloaded Program Files\PurpleBean.exe

c:\windows\Installer\733f0.msi

c:\windows\Installer\7a1639.msi

c:\windows\ld12.exe

c:\windows\system32\iehelper.dll

c:\windows\system32\micr0st.dll

c:\windows\system32\msvcsv60.dll

c:\windows\system32\wbem\proquota.exe


c:\windows\system32\proquota.exe - brakowało pliku

Plik odzyskano z - c:\system volume information\_restore{F5A0E974-D6F1-49B8-B8AA-53B888F90450}\RP353\A0093156.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-06 do 2009-07-06 )))))))))))))))))))))))))))))))

.


2009-07-06 01:20 . 2008-04-14 20:51 50688 ----a-w- c:\windows\system32\proquota.exe

2009-07-06 00:33 . 2009-07-06 00:33 -------- d-----w- c:\program files\Trend Micro

2009-07-05 23:23 . 2009-07-05 23:23 71552 ---ha-w- c:\windows\system32\mlfcache.dat

2009-07-03 23:25 . 2009-07-03 23:39 -------- d-----w- c:\program files\AGEIA Technologies

2009-07-03 23:25 . 2009-07-03 23:25 -------- d-----w- c:\windows\system32\AGEIA

2009-07-03 23:25 . 2009-07-03 23:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-02 14:00 . 2009-07-02 14:00 -------- d-----w- c:\program files\BDE5Setup

2009-07-02 14:00 . 2009-07-02 14:00 -------- d-----w- c:\program files\Borland

2009-07-02 14:00 . 2009-07-02 14:02 -------- d-----w- C:\WinKalk

2009-07-01 19:22 . 2009-07-01 19:22 -------- d-sh--w- c:\windows\ftpcache

2009-07-01 17:20 . 2009-07-01 17:28 -------- d-----w- c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\Rockstar Games

2009-07-01 17:17 . 2009-07-01 17:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-07-01 17:17 . 2009-07-01 17:17 -------- d-----w- c:\windows\system32\xlive

2009-06-30 21:32 . 2006-11-14 13:28 86016 ----a-w- c:\windows\system32\cttele.dll

2009-06-30 21:32 . 2008-03-20 13:35 2560 ----a-w- c:\windows\CTXFIRES.DLL

2009-06-25 11:06 . 2009-06-25 11:06 -------- d-----w- c:\program files\ALLPlayer

2009-06-23 19:21 . 2009-06-23 19:21 -------- d-----w- c:\program files\iPod

2009-06-23 19:21 . 2009-06-23 19:22 -------- d-----w- c:\program files\iTunes

2009-06-23 19:21 . 2009-06-23 19:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-23 19:19 . 2009-06-23 19:19 -------- d-----w- c:\program files\QuickTime

2009-06-17 14:32 . 2009-06-17 14:32 -------- d-----w- c:\program files\Real Alternative

2009-06-16 21:37 . 2009-06-17 08:46 -------- d-----w- c:\program files\Super DVD Ripper

2009-06-08 14:51 . 2009-06-08 14:51 -------- d-----w- c:\program files\Gameforge4D


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-05 21:59 . 2008-10-29 13:49 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\mIRC

2009-07-05 21:59 . 2008-12-11 12:32 -------- d-----w- c:\program files\mIRC

2009-07-05 15:21 . 2009-01-02 16:51 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\Creative

2009-07-05 14:52 . 2008-08-19 18:49 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\Skype

2009-07-05 13:36 . 2008-11-22 16:53 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\foobar2000

2009-07-05 12:14 . 2009-03-27 19:40 16 ----a-w- c:\windows\msocreg32.dat

2009-07-05 12:11 . 2008-08-22 21:11 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\skypePM

2009-07-03 18:57 . 2008-08-23 20:09 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\uTorrent

2009-07-02 03:05 . 2009-02-25 16:27 2885632 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-07-01 19:21 . 2008-08-18 17:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-25 11:06 . 2008-11-22 20:07 -------- d-----w- c:\program files\NAPI-PROJEKT

2009-06-25 10:59 . 2008-10-24 15:06 -------- d-----w- c:\program files\thriXXX

2009-06-23 19:21 . 2008-08-19 18:50 -------- d-----w- c:\program files\Common Files\Apple

2009-06-23 19:17 . 2008-08-19 18:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple

2009-06-14 02:56 . 2008-11-02 21:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-05 09:42 . 2009-03-14 21:57 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-05 09:42 . 2008-08-19 18:50 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-05-30 16:26 . 2009-05-30 16:26 -------- d-----w- c:\program files\Unity

2009-05-29 08:16 . 2008-08-18 18:38 95088 ----a-w- c:\documents and settings\Maciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-05-24 10:30 . 2008-08-19 18:48 -------- d-----w- c:\program files\Tibia

2009-05-14 21:31 . 2008-11-22 16:52 -------- d-----w- c:\program files\foobar2000

2009-05-13 09:35 . 2009-05-13 09:35 4608 ----a-w- c:\windows\system32\w95inf32.dll

2009-05-13 09:35 . 2009-05-13 09:35 2272 ----a-w- c:\windows\system32\w95inf16.dll

2009-05-10 12:42 . 2008-08-23 13:33 137992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-05-10 12:41 . 2008-08-23 13:33 201816 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-05-10 00:22 . 2009-05-10 00:11 -------- d-----w- c:\program files\Yahoo!

2009-05-10 00:02 . 2009-05-10 00:02 -------- d-----w- c:\documents and settings\Maciek\Dane aplikacji\Launchy

2009-05-10 00:02 . 2009-05-10 00:01 -------- d-----w- c:\program files\Launchy

2009-05-07 15:34 . 2008-04-14 20:50 347648 ----a-w- c:\windows\system32\localspl.dll

2009-05-07 11:25 . 2009-05-07 11:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Logitech

2009-04-29 04:47 . 2008-03-01 14:02 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:47 . 2008-05-02 06:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll

2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll

2009-04-19 19:51 . 2008-04-14 19:35 1847424 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 17:40 . 2001-10-26 16:15 90620 ----a-w- c:\windows\system32\perfc015.dat

2009-04-15 17:40 . 2001-10-26 16:15 503726 ----a-w- c:\windows\system32\perfh015.dat

2009-04-15 14:54 . 2008-04-14 20:50 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2004-10-01 13:00 . 2008-08-18 19:21 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-17 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]


c:\documents and settings\Maciek\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

smgr32.exe [2009-3-19 39424]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Launchy.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Launchy.lnk

backup=c:\windows\pss\Launchy.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^smgr32.exe]

path=c:\documents and settings\Maciek\Menu Start\Programy\Autostart\smgr32.exe

backup=c:\windows\pss\smgr32.exeStartup


[HKLM\~\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Yahoo! Widgets.lnk]

path=c:\documents and settings\Maciek\Menu Start\Programy\Autostart\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnkStartup


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Tlen.pl\\tlen.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\ApexDC++\\ApexDC.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"d:\\COD\\iw3mp.exe"=

"d:\\ME\\Binaries\\MirrorsEdge.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"14473:TCP"= 14473:TCP:BitComet 14473 TCP

"14473:UDP"= 14473:UDP:BitComet 14473 UDP


R0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\drivers\AFPAnsi.sys [2009-03-27 31776]

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2008-03-20 15896]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-05-05 22784]

S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-20 98328]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-20 171032]

S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-20 528920]

S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-20 163352]

S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-20 259096]

S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-20 134168]

S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-20 309784]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-20 99352]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-20 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-20 72728]

S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-20 534040]

.

Zawartość folderu 'Zaplanowane zadania'


2009-01-05 c:\windows\Tasks\14 Wonderwall (live 2nd July 2005 Ci.job

- d:\mjuzik\Oasis\Lord Don't Slow Me Down\14 Wonderwall (live 2nd July 2005 Ci.mp3 [2008-09-13 07:53]


2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

.

- - - - USUNIĘTO PUSTE WPISY - - - -


BHO-{8567EDFA-408C-43e9-B929-4C25C04F5003} - c:\windows\system32\iehelper.dll

HKCU-Run-RGSC - d:\gta\Rockstar Games Social Club\RGSCLauncher.exe

HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe



.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://codecs.r8.org/

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

FF - ProfilePath - c:\documents and settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\oie6t5qm.default\

FF - prefs.js: browser.search.selectedEngine - Allegro

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-06 03:20

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ...


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

Czas ukończenia: 2009-07-06 3:21

ComboFix-quarantined-files.txt 2009-07-06 01:21


Przed: 7 773 077 504 bajtów wolnych

Po: 8 416 825 344 bajtów wolnych


249 --- E O F --- 2009-06-14 02:56


Thanks in advance
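As an added example (not code from the thread, from HijackThis or from ComboFix), here is a small Python triage script that runs defender-side heuristics over a constructed subset of the HijackThis lines above. The heuristics, the `WINDOWS_ROOT` constant and the names `triage`, `summarize` and `Finding` are my own assumptions; the sample lines are copied from the log in the post. It flags the hosts-file redirects, the generically named BHO, the Run entries that launch executables straight from the Windows root, and the bare .exe in the Startup folder as items for a human to check, not as verdicts.

```python
"""Triage a HijackThis log for the indicator types seen in this thread.

Added example, not the thread's or HijackThis' own code. Heuristics (all mine):
  * O1: hosts-file entries that map a non-loopback name to an address
  * O2: Browser Helper Objects with a generic or empty display name
  * O4: Run/RunOnce entries whose executable sits directly in C:\\windows
  * O4: Startup-folder entries that are a bare .exe rather than a .lnk
Every hit is a lead to compare against a clean baseline, not a verdict.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 surety.microsoft.com
O1 - Hosts: 209.44.111.62 aware-protect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\windows\system32\iehelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\windows\sysguard.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: smgr32.exe
"""

# Assumption: default system root; adjust for a non-standard install.
WINDOWS_ROOT = r"c:\windows"
LOOPBACK = {"127.0.0.1", "::1"}
GENERIC_BHO_NAMES = {"", "bho", "(no name)"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO:\s+(.*?)\s+-\s+\{[^}]+\}\s+-\s+(.*)$")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run(?:Once)?:\s+\[([^\]]+)\]\s+(.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup:\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # heuristic that fired
    detail: str  # the value that triggered it
    line: str    # original log line, for the analyst


def _executable(command: str) -> str:
    """First token of a Run command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def _in_windows_root(path: str) -> bool:
    # Legitimate Windows binaries live in subfolders (system32, ...), not in the root.
    return ntpath.dirname(path).lower().rstrip("\\") == WINDOWS_ROOT


def triage(log_text: str) -> list[Finding]:
    """Apply the four heuristics to every line and collect the hits."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if host.lower() != "localhost" and ip not in LOOPBACK:
                findings.append(Finding("hosts-redirect", f"{host} -> {ip}", line))
        elif m := BHO_RE.match(line):
            name, path = m.groups()
            if name.strip().lower() in GENERIC_BHO_NAMES:
                findings.append(Finding("generic-bho", path, line))
        elif m := RUN_RE.match(line):
            exe = _executable(m.group(2))
            if _in_windows_root(exe):
                findings.append(Finding("run-in-windows-root", exe, line))
        elif m := STARTUP_RE.match(line):
            # "name.lnk = target" entries are shortcuts; a bare .exe name is the odd one.
            entry = m.group(1).split(" = ", 1)[0].strip()
            if entry.lower().endswith(".exe"):
                findings.append(Finding("bare-exe-in-startup", entry, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per heuristic."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.kind:22} {f.detail}")
    print(summarize(hits))
```

On the sample this yields six leads: two hosts-file redirects, one BHO named just "BHO", two Run entries (ld12.exe and sysguard.exe) launched from the Windows root, and smgr32.exe sitting as a bare executable in the Startup folder; the ESET, NVIDIA and Adobe entries pass untouched. The root-folder heuristic is deliberately narrow, so extend `WINDOWS_ROOT` or add an allow-list if you run it against logs from non-default installs.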


(Henio Mazurek) #2

There is one more thing here to remove, but also paste an OTL log

http://oldtimer.geekstogo.com/OTL.exe

Paste the log on www.wklej.org and put the link in your post, not in a code block.


(Zeariel) #3

http://www.wklej.org/id/116873/

Here you go.


(Henio Mazurek) #4

In OTL paste

Click Run Fix, then Clean Up.

Temporarily disable System Restore.

http://support.microsoft.com/kb/310405/pll

Run a full scan with Malwarebytes Anti-Malware; if it finds anything, remove it and paste the log.

http://dobreprogramy.pl/index.php?dz=2& ... ntiMalware

Clean the disk and registry with CCleaner


(Zeariel) #5

Malwarebytes log:

http://www.wklej.org/id/116951/

CCleaner is still left :slight_smile:


(Henio Mazurek) #6

There shouldn't be anything left now.

Did you click CleanUp in OTL? Because the Qoobox folder is still visible.

If it doesn't go away, then Start => Run => type Combofix /u, or manually delete the C:\Qoobox folder and the ComboFix installer from the disk.


(Zeariel) #7

Removed, thanks for the help.