Trojan.Win32.Small.bxh

over20 · 22 Kwiecień 2009 08:09

Cze mam problem z trojanem Trojan.Win32.Small.bxh zrobiłem loga hijackthisem i proszę o dalsze wskazówki jak go usunąć

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:01:57, on 2009-04-22

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\V0420Mon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\PDFCreator\PDFCreator.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AutoCAD 2006\acad.exe

C:\Documents and Settings\Stawiarski M\Ustawienia lokalne\Temp\AdskCleanup.0001

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.pl/0,0.html?p=013

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe”

O4 - HKLM…\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe

O4 - HKLM…\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe

O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O11 - Options group: [java_sun] Java (Sun)

O17 - HKLM\System\CCS\Services\Tcpip…{F3C652E2-084D-43B7-BDAD-2D37D215F406}: NameServer = 10.0.0.138

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Usługa Google Update (gupdate1c9a920495ba8) (gupdate1c9a920495ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

–

End of file - 6360 bytes

niezDarek · 22 Kwiecień 2009 08:47

usuń:

w HijackThis zaznacz wskazane pozycje i kliknij na Fix checked

Podaj jeszcze log z Combofix.

over20 · 22 Kwiecień 2009 10:19

LOG z COMBOFIX

ComboFix 09-04-22.A2 - … 2009-04-22 12:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2037.1550 [GMT 2:00] Uruchomiony z: d:… poczta\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) FW: Kaspersky Anti-Virus *disabled* . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\seneka.sys c:\windows\system32\drivers\senekaynsxydrw.sys c:\windows\system32\senekafpxmphqx.dll c:\windows\system32\senekamqwyjoeh.dll c:\windows\system32\senekaqbacxyvb.db c:\windows\system32\senekarhoyxjiw.dat c:\windows\system32\senekarowputfu.dll c:\windows\system32\senekartbubomu.dll c:\windows\system32\senekaulqbmqno.dat c:\windows\system32\twain32 c:\windows\system32\twain32\local.ds c:\windows\system32\twain32\user.ds c:\windows\system32\twex.exe . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SENEKA ((((((((((((((((((((((((( Pliki utworzone od 2009-03-22 do 2009-04-22 ))))))))))))))))))))))))))))))) . 2009-04-22 08:21 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys 2009-04-22 08:21 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys 2009-04-22 08:21 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys 2009-04-22 08:21 . 2009-04-22 10:17 -------- d—a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-04-22 08:21 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys 2009-04-22 08:21 . 2009-04-22 08:21 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\PC Tools 2009-04-22 08:21 . 2009-04-22 08:21 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools 2009-04-22 07:37 . 2009-04-22 07:37 -------- d-----w C:!KillBox 2009-04-22 04:17 . 2009-04-22 04:17 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Search Settings 2009-04-22 04:16 . 2009-04-22 04:16 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\pdfforge 2009-04-21 05:48 . 2001-10-28 15:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll 2009-04-21 05:48 . 1998-06-23 23:00 137000 ----a-w c:\windows\system32\MSMAPI32.OCX 2009-04-21 05:48 . 1998-07-05 23:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL 2009-04-20 04:44 . 2009-04-20 04:54 632 ----a-w c:\windows\CoD.INI 2009-04-20 04:12 . 2009-04-20 04:12 635 ----a-w c:\windows\Rtcw.INI 2009-04-18 05:43 . 2009-04-22 10:17 89448 ----a-w c:\windows\system32\drivers\6621b595.sys 2009-04-16 07:51 . 2009-04-16 07:51 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-16 07:22 . 2009-04-16 07:22 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Creative 2009-04-16 07:06 . 2008-04-13 22:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys 2009-04-10 10:03 . 2009-04-10 10:06 -------- d-----w c:\windows\system32\Adobe 2009-04-08 04:26 . 2009-04-08 12:24 155 ----a-w c:\windows\system32\SelfDel.bat 2009-04-06 04:51 . 1998-11-13 11:10 307200 ----a-w c:\windows\IsUn0415.exe 2009-04-05 05:14 . 2009-04-05 05:14 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2009-03-31 06:42 . 2009-04-17 06:00 176 ----a-w c:\windows\wcx_ftp.ini 2009-03-30 09:18 . 2009-03-30 09:18 -------- d-----w c:\windows\Downloaded Installations 2009-03-29 06:43 . 2009-03-29 06:43 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2009-03-29 06:35 . 2008-04-15 12:00 221184 ----a-w c:\windows\system32\wmpns.dll 2009-03-29 06:34 . 2009-03-29 06:34 -------- d-----w c:\windows\system32\drivers\UMDF 2009-03-29 06:34 . 2009-03-29 06:34 -------- d-----w c:\windows\system32\LogFiles 2009-03-29 06:18 . 2009-03-29 06:18 -------- d-----w c:\windows\Sun 2009-03-27 09:19 . 2009-03-27 09:20 -------- d-----w C:\VueScan 2009-03-27 05:20 . 2009-03-27 05:20 766 ----a-w c:\windows\system32\uCF2000.ico . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 10:17 . 2009-03-04 06:31 85280 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-04-22 10:14 . 2009-03-04 06:31 3173664 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-22 10:13 . 2009-03-04 06:31 56036 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-22 10:13 . 2009-03-04 06:31 10040 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-04-22 10:00 . 2009-04-22 08:21 -------- d-----w c:\program files\Common Files\PC Tools 2009-04-22 10:00 . 2009-03-04 06:31 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-04-22 09:48 . 2009-04-21 05:49 -------- d-----w c:\program files\pdfforge Toolbar 2009-04-22 09:17 . 2009-03-20 05:51 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Google Updater 2009-04-22 08:36 . 2009-04-22 08:21 -------- d-----w c:\program files\Spyware Doctor 2009-04-22 08:01 . 2009-04-22 08:01 -------- d-----w c:\program files\Trend Micro 2009-04-22 07:29 . 2009-03-19 10:25 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Skype 2009-04-22 05:25 . 2009-03-08 06:30 -------- d-----w c:\program files\SolidWorks 2009-04-21 05:50 . 2009-04-21 05:48 -------- d-----w c:\program files\PDFCreator 2009-04-16 08:36 . 2008-05-21 15:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-04-16 07:51 . 2009-03-04 11:14 -------- d-----w c:\program files\Java 2009-04-16 07:28 . 2009-04-16 07:28 -------- d-----w c:\program files\INTERIAPL 2009-04-16 07:17 . 2009-04-16 07:17 -------- d-----w c:\program files\Creative 2009-04-16 07:17 . 2009-03-04 06:24 -------- d–h--w c:\program files\InstallShield Installation Information 2009-04-15 04:13 . 2009-04-09 09:47 -------- d-----w c:\program files\Pity 2008 2009-04-15 04:13 . 2009-04-09 10:05 -------- d-----w c:\program files\PITy2008 2009-04-08 10:17 . 2009-03-20 05:51 -------- d-----w c:\program files\Google 2009-04-06 04:57 . 2008-05-21 15:21 -------- d-----w c:\program files\Common Files\Adobe 2009-03-30 09:18 . 2009-03-30 09:18 -------- d-----w c:\program files\FCC Software AB 2009-03-29 06:43 . 2008-05-16 16:54 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS 2009-03-29 06:43 . 2008-05-16 16:54 361344 ----a-w c:\windows\system32\dllcache\TCPIP.SYS 2009-03-29 06:34 . 2009-03-29 06:34 -------- d-----w c:\program files\Windows Media Connect 2 2009-03-29 05:17 . 2008-05-16 16:54 86364 ----a-w c:\windows\system32\perfc015.dat 2009-03-29 05:17 . 2008-05-16 16:54 494522 ----a-w c:\windows\system32\perfh015.dat 2009-03-26 08:42 . 2009-03-04 06:30 112496 ----a-w c:\documents and settings\Stawiarski M\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-03-26 06:18 . 2009-03-26 06:18 -------- d-----w c:\program files\Total Video Converter 2009-03-19 10:25 . 2009-03-19 10:25 -------- d-----r c:\program files\Skype 2009-03-19 10:25 . 2009-03-19 10:25 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2009-03-19 07:21 . 2009-03-04 11:15 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Winamp 2009-03-19 07:21 . 2009-03-04 11:15 -------- d-----w c:\program files\Winamp 2009-03-17 06:44 . 2009-03-08 06:35 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\SolidWorks 2009-03-16 07:48 . 2009-03-16 07:44 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\U3 2009-03-16 07:44 . 2009-03-16 07:44 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Ahead 2009-03-13 11:07 . 2009-03-13 11:06 -------- d-----w c:\program files\Aide PDF to DXF Converter 2009-03-12 09:35 . 2009-03-12 09:35 -------- d-----w c:\program files\Poradnik Mechanika 2009-03-12 09:34 . 2009-03-12 09:35 724992 ----a-w c:\windows\iun6002.exe 2009-03-10 07:06 . 2009-03-04 06:46 -------- d-----w c:\program files\Hewlett-Packard 2009-03-10 06:55 . 2009-03-10 06:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Drivers HeadQuarters 2009-03-10 06:55 . 2009-03-10 06:55 -------- d-----w c:\program files\PC Drivers HeadQuarters 2009-03-09 06:05 . 2009-03-09 06:05 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\AdobeUM 2009-03-09 05:53 . 2009-03-09 05:49 -------- d-----w c:\program files\AllerCalc 2009-03-09 05:31 . 2009-03-08 06:55 -------- d-----w c:\program files\Common Files\Acronis 2009-03-08 06:56 . 2009-03-08 06:56 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Acronis 2009-03-08 06:55 . 2009-03-08 06:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Acronis 2009-03-08 06:55 . 2009-03-08 06:55 44384 ----a-w c:\windows\system32\drivers\tifsfilt.sys 2009-03-08 06:55 . 2009-03-08 06:55 441760 ----a-w c:\windows\system32\drivers\timntr.sys 2009-03-08 06:55 . 2009-03-08 06:55 129248 ----a-w c:\windows\system32\drivers\snapman.sys 2009-03-08 06:55 . 2009-03-08 06:55 368736 ----a-w c:\windows\system32\drivers\tdrpman.sys 2009-03-08 06:55 . 2009-03-08 06:55 -------- d-----w c:\program files\Acronis 2009-03-08 06:36 . 2009-03-08 06:36 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\SolidWorks 2008 2009-03-08 06:33 . 2009-03-08 06:30 -------- d-----w c:\program files\Common Files\SolidWorks Shared 2009-03-08 06:30 . 2009-03-08 06:30 -------- d-----w c:\program files\Common Files\eDrawings2008 2009-03-08 06:30 . 2009-03-08 06:30 -------- d-----w c:\program files\AGEIA Technologies 2009-03-08 06:30 . 2009-03-08 06:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\SolidWorks 2009-03-08 06:27 . 2009-03-08 06:27 -------- d-----w c:\program files\MSBuild 2009-03-08 06:27 . 2009-03-08 06:27 201488 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2009-03-08 06:24 . 2009-03-08 06:24 -------- d-----w c:\program files\Reference Assemblies 2009-03-08 06:23 . 2009-03-08 06:23 -------- d-----w c:\program files\MSECache 2009-03-06 06:41 . 2009-03-06 06:41 -------- d-----w c:\program files\Ahead 2009-03-06 06:41 . 2009-03-06 06:41 -------- d-----w c:\program files\Common Files\Ahead 2009-03-06 06:39 . 2009-03-06 06:03 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Autodesk 2009-03-06 06:04 . 2009-03-04 06:09 137 ----a-w c:\documents and settings\Stawiarski M\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2009-03-06 06:04 . 2009-03-06 05:58 -------- d-----w c:\program files\Common Files\Autodesk Shared 2009-03-06 06:04 . 2009-03-06 06:03 -------- d-----w c:\program files\AutoCAD 2006 2009-03-06 06:04 . 2009-03-06 06:04 -------- d-----w c:\program files\AnswerWorks 4.0 2009-03-06 06:03 . 2009-03-06 06:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Autodesk 2009-03-06 05:58 . 2009-03-06 05:58 -------- d-----w c:\program files\Autodesk 2009-03-05 06:20 . 2008-05-16 17:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-03-04 12:58 . 2009-03-04 11:26 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Nowe Gadu-Gadu 2009-03-04 11:26 . 2009-03-04 11:26 -------- d-----w c:\program files\Nowe Gadu-Gadu 2009-03-04 11:20 . 2009-03-04 11:20 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Tlen.pl 2009-03-04 11:20 . 2009-03-04 11:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Tlen.pl 2009-03-04 11:19 . 2009-03-04 11:19 -------- d-----w c:\program files\Tlen.pl 2009-03-04 11:17 . 2009-03-04 11:17 -------- d-----w c:\program files\IrfanView 2009-03-04 11:14 . 2009-03-04 11:14 -------- d-----w c:\program files\Common Files\Java 2009-03-04 08:33 . 2009-03-04 06:31 89601 ----a-w c:\windows\system32\drivers\klick.dat 2009-03-04 08:33 . 2009-03-04 06:31 101287 ----a-w c:\windows\system32\drivers\klin.dat 2009-03-04 08:33 . 2007-03-03 20:39 112144 ----a-w c:\windows\system32\drivers\kl1.sys 2009-03-04 06:31 . 2009-03-04 06:31 -------- d-----w c:\program files\Kaspersky Lab 2009-03-04 06:24 . 2009-03-04 06:24 -------- d-----w c:\program files\Common Files\Fujitsu Siemens Computers 2009-03-04 06:24 . 2009-03-04 06:24 -------- d-----w c:\program files\Fujitsu Siemens Computers 2009-03-04 06:24 . 2009-03-04 06:24 516 ----a-w C:\RHDSetup.log 2009-03-04 06:24 . 2009-03-04 06:24 -------- d-----w c:\program files\Realtek 2009-03-04 06:24 . 2009-03-04 06:24 315392 ----a-w c:\windows\HideWin.exe 2009-03-04 06:23 . 2009-03-04 06:23 -------- d-----w c:\program files\Common Files\InstallShield 2009-03-04 06:11 . 2009-03-04 06:11 12 ----a-w c:\windows\system32\drivers\FSC__PI__ESPRIMO P5720 __FUJITSU SIEMENS_D2581-A1__Version 6.00 R1.12.2581.A1_FSC - 60000_6.00 R1.12.2581.A1 .MRK 2009-03-04 06:11 . 2008-05-16 16:48 1307 ----a-w C:\lang.txt 2008-05-16 17:29 . 2008-05-16 17:29 138 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat . ------- Sigcheck ------- [-] 2009-03-29 06:43 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\dllcache\TCPIP.SYS [-] 2009-03-29 06:43 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-15 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-03-21 166424] “HPWS myPrintMileage Agent”=“c:\program files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe” [2004-10-31 102400] “SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-04-16 148888] “ISTray”=“c:\program files\Spyware Doctor\pctsTray.exe” [2008-12-08 1173384] “RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2007-06-13 16377344] “NWTRAY”=“NWTRAY.EXE” - c:\windows\system32\nwtray.exe [2001-12-18 28672] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 [HKLM~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^adobe gamma loader.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^pdfcreator.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\PDFCreator.lnk backup=c:\windows\pss\PDFCreator.lnkCommon Startup [HKLM~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^przyspieszenie uruchomienia programu autocad.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk backup=c:\windows\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup [HKLM~\startupfolder\c:^documents and settings^stawiarski m^menu start^programy^autostart^aparat harmonogramu zadań solidworks.lnk] path=c:\documents and settings\Stawiarski M\Menu Start\Programy\Autostart\Aparat Harmonogramu zadań SolidWorks.lnk backup=c:\windows\pss\Aparat Harmonogramu zadań SolidWorks.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusDisableNotify”=dword:00000001 “UpdatesDisableNotify”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “c:\Program Files\Office\Office12\OUTLOOK.EXE”= “c:\Program Files\Skype\Phone\Skype.exe”= R2 gupdate1c9a920495ba8;Usługa Google Update (gupdate1c9a920495ba8);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 133104] S0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936] S2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344] S3 v0420vid;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648] — Inne Usługi/Sterowniki w Pamięci — *Deregistered* - mchinjdrv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{03c0f569-11ec-11de-a459-001999432e70}] \Shell\AutoRun\command - ur0.com \Shell\open\Command - ur0.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{03c0f56a-11ec-11de-a459-001999432e70}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{03c0f56b-11ec-11de-a459-001999432e70}] \Shell\AutoRun\command - J:\2.bat \Shell\open\Command - J:\2.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3599f4c3-137f-11de-a45b-001999432e70}] \Shell\AutoRun\command - I:\yh.cmd \Shell\open\Command - I:\yh.cmd . Zawartość folderu ‘Zaplanowane zadania’ 2009-04-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-20 05:51] 2009-04-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 05:52] . . ------- Skan uzupełniający ------- . IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000 TCP: {F3C652E2-084D-43B7-BDAD-2D37D215F406} = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Stawiarski M\Dane aplikacji\Mozilla\Firefox\Profiles\1euxhxhf.default\ FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\program files\Mozilla Firefox\extensions{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-22 12:17 Windows 5.1.2600 Dodatek Service Pack 3 NTFS detected NTDLL code modification: ZwClose skanowanie ukrytych procesów … skanowanie ukrytych wpisów autostartu … skanowanie ukrytych plików … skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6621b595] “ImagePath”="\SystemRoot\System32\drivers\6621b595.sys" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > ‘winlogon.exe’(1120) c:\windows\system32\klogon.dll - - - - - - - > ‘Explorer.exe’(3328) c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll c:\windows\system32\NOVNPNT.DLL c:\windows\system32\MAPBASE.dll c:\windows\system32\NWSHLXNT.dll c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Spyware Doctor\pctsSvc.exe c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-04-22 12:19 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-04-22 10:19 Przed: 7 571 640 320 bajtów wolnych Po: 7 881 973 760 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect 296

– Dodane 23.04.2009 (Cz) 8:54 –

No tego Trojan.Win32.Small.bxh usunęło a tera Kasperski pokazuje :

Wykryto ------- Stan Obiekt ---- ------ wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\winlogon.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\taskmgr.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\services.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\wscntfy.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\control.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\svchost.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\System32\svchost.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\explorer.exe wykryto: riskware Invader Uruchomiony proces: C:\Program Files\AutoCAD 2006\acad.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\spoolsv.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpwseng0.exe wykryto: riskware Invader Uruchomiony proces: C:\Program Files\Java\jre6\bin\jusched.exe wykryto: riskware Invader Uruchomiony proces: C:\Program Files\Java\jre6\bin\javaws.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\Explorer.EXE wykryto: riskware Invader Uruchomiony proces: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe wykryto: riskware Invader Uruchomiony proces: C:\Program Files\Mozilla Firefox\firefox.exe wykryto: riskware Invader Uruchomiony proces: C:\Program Files\Aide PDF to DXF Converter\pdc.exe wykryto: riskware Invader Uruchomiony proces: C:\Program Files\PDFCreator\PDFCreator.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\system32\rundll32.exe wykryto: riskware Invader Uruchomiony proces: C:\WINDOWS\regedit.exe

Tu jest log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:35:01, on 2009-04-23 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe C:\WINDOWS\system32\NWTRAY.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\AutoCAD 2006\acad.exe C:\Documents and Settings\Stawiarski M\Ustawienia lokalne\Temp\AdskCleanup.0001 C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\HPWSTBX.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe O4 - HKLM…\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe” O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe” O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000 O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O11 - Options group: [java_sun] Java (Sun) O17 - HKLM\System\CCS\Services\Tcpip…{F3C652E2-084D-43B7-BDAD-2D37D215F406}: NameServer = 10.0.0.138 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Usługa Google Update (gupdate1c9a920495ba8) (gupdate1c9a920495ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ – End of file - 6524 bytes

i jeszcze ComboFix

ComboFix 09-04-22.A2 - Stawiarski M 2009-04-23 8:42.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2037.1420 [GMT 2:00] Uruchomiony z: d:\stawiarski poczta\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) FW: Kaspersky Anti-Virus *disabled* . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-23 do 2009-04-23 ))))))))))))))))))))))))))))))) . 2009-04-22 08:21 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys 2009-04-22 08:21 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys 2009-04-22 08:21 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys 2009-04-22 08:21 . 2009-04-23 06:39 -------- d—a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-04-22 08:21 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys 2009-04-22 08:21 . 2009-04-22 08:21 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\PC Tools 2009-04-22 08:21 . 2009-04-22 08:21 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools 2009-04-22 07:37 . 2009-04-22 07:37 -------- d-----w C:!KillBox 2009-04-22 04:17 . 2009-04-22 04:17 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Search Settings 2009-04-22 04:16 . 2009-04-22 04:16 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\pdfforge 2009-04-21 05:48 . 2001-10-28 15:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll 2009-04-21 05:48 . 1998-06-23 23:00 137000 ----a-w c:\windows\system32\MSMAPI32.OCX 2009-04-21 05:48 . 1998-07-05 23:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL 2009-04-20 04:44 . 2009-04-20 04:54 632 ----a-w c:\windows\CoD.INI 2009-04-20 04:12 . 2009-04-20 04:12 635 ----a-w c:\windows\Rtcw.INI 2009-04-18 05:43 . 2009-04-23 06:52 89448 ----a-w c:\windows\system32\drivers\6621b595.sys 2009-04-16 07:51 . 2009-04-16 07:51 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-16 07:22 . 2009-04-16 07:22 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Creative 2009-04-16 07:06 . 2008-04-13 22:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys 2009-04-10 10:03 . 2009-04-10 10:06 -------- d-----w c:\windows\system32\Adobe 2009-04-08 04:26 . 2009-04-08 12:24 155 ----a-w c:\windows\system32\SelfDel.bat 2009-04-06 04:51 . 1998-11-13 11:10 307200 ----a-w c:\windows\IsUn0415.exe 2009-04-05 05:14 . 2009-04-05 05:14 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2009-03-31 06:42 . 2009-04-17 06:00 176 ----a-w c:\windows\wcx_ftp.ini 2009-03-30 09:18 . 2009-03-30 09:18 -------- d-----w c:\windows\Downloaded Installations 2009-03-29 06:43 . 2009-03-29 06:43 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2009-03-29 06:35 . 2008-04-15 12:00 221184 ----a-w c:\windows\system32\wmpns.dll 2009-03-29 06:34 . 2009-03-29 06:34 -------- d-----w c:\windows\system32\drivers\UMDF 2009-03-29 06:34 . 2009-03-29 06:34 -------- d-----w c:\windows\system32\LogFiles 2009-03-29 06:18 . 2009-03-29 06:18 -------- d-----w c:\windows\Sun 2009-03-27 09:19 . 2009-03-27 09:20 -------- d-----w C:\VueScan 2009-03-27 05:20 . 2009-03-27 05:20 766 ----a-w c:\windows\system32\uCF2000.ico . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-23 06:52 . 2009-03-04 06:31 3653920 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-23 06:52 . 2009-03-04 06:31 99872 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-04-23 06:46 . 2009-03-04 06:31 11408 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-04-23 06:45 . 2009-03-04 06:31 62468 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-23 04:12 . 2009-03-04 06:31 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-04-22 10:00 . 2009-04-22 08:21 -------- d-----w c:\program files\Common Files\PC Tools 2009-04-22 09:48 . 2009-04-21 05:49 -------- d-----w c:\program files\pdfforge Toolbar 2009-04-22 09:17 . 2009-03-20 05:51 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Google Updater 2009-04-22 08:36 . 2009-04-22 08:21 -------- d-----w c:\program files\Spyware Doctor 2009-04-22 08:01 . 2009-04-22 08:01 -------- d-----w c:\program files\Trend Micro 2009-04-22 07:29 . 2009-03-19 10:25 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Skype 2009-04-22 05:25 . 2009-03-08 06:30 -------- d-----w c:\program files\SolidWorks 2009-04-21 05:50 . 2009-04-21 05:48 -------- d-----w c:\program files\PDFCreator 2009-04-16 08:36 . 2008-05-21 15:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-04-16 07:51 . 2009-03-04 11:14 -------- d-----w c:\program files\Java 2009-04-16 07:28 . 2009-04-16 07:28 -------- d-----w c:\program files\INTERIAPL 2009-04-16 07:17 . 2009-04-16 07:17 -------- d-----w c:\program files\Creative 2009-04-16 07:17 . 2009-03-04 06:24 -------- d–h--w c:\program files\InstallShield Installation Information 2009-04-15 04:13 . 2009-04-09 09:47 -------- d-----w c:\program files\Pity 2008 2009-04-15 04:13 . 2009-04-09 10:05 -------- d-----w c:\program files\PITy2008 2009-04-08 10:17 . 2009-03-20 05:51 -------- d-----w c:\program files\Google 2009-04-06 04:57 . 2008-05-21 15:21 -------- d-----w c:\program files\Common Files\Adobe 2009-03-30 09:18 . 2009-03-30 09:18 -------- d-----w c:\program files\FCC Software AB 2009-03-29 06:43 . 2008-05-16 16:54 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS 2009-03-29 06:43 . 2008-05-16 16:54 361344 ----a-w c:\windows\system32\dllcache\TCPIP.SYS 2009-03-29 06:34 . 2009-03-29 06:34 -------- d-----w c:\program files\Windows Media Connect 2 2009-03-29 05:17 . 2008-05-16 16:54 86364 ----a-w c:\windows\system32\perfc015.dat 2009-03-29 05:17 . 2008-05-16 16:54 494522 ----a-w c:\windows\system32\perfh015.dat 2009-03-26 08:42 . 2009-03-04 06:30 112496 ----a-w c:\documents and settings\Stawiarski M\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-03-26 06:18 . 2009-03-26 06:18 -------- d-----w c:\program files\Total Video Converter 2009-03-19 10:25 . 2009-03-19 10:25 -------- d-----r c:\program files\Skype 2009-03-19 10:25 . 2009-03-19 10:25 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2009-03-19 07:21 . 2009-03-04 11:15 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Winamp 2009-03-19 07:21 . 2009-03-04 11:15 -------- d-----w c:\program files\Winamp 2009-03-17 06:44 . 2009-03-08 06:35 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\SolidWorks 2009-03-16 07:48 . 2009-03-16 07:44 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\U3 2009-03-16 07:44 . 2009-03-16 07:44 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Ahead 2009-03-13 11:07 . 2009-03-13 11:06 -------- d-----w c:\program files\Aide PDF to DXF Converter 2009-03-12 09:35 . 2009-03-12 09:35 -------- d-----w c:\program files\Poradnik Mechanika 2009-03-12 09:34 . 2009-03-12 09:35 724992 ----a-w c:\windows\iun6002.exe 2009-03-10 07:06 . 2009-03-04 06:46 -------- d-----w c:\program files\Hewlett-Packard 2009-03-10 06:55 . 2009-03-10 06:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Drivers HeadQuarters 2009-03-10 06:55 . 2009-03-10 06:55 -------- d-----w c:\program files\PC Drivers HeadQuarters 2009-03-09 06:05 . 2009-03-09 06:05 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\AdobeUM 2009-03-09 05:53 . 2009-03-09 05:49 -------- d-----w c:\program files\AllerCalc 2009-03-09 05:31 . 2009-03-08 06:55 -------- d-----w c:\program files\Common Files\Acronis 2009-03-08 06:56 . 2009-03-08 06:56 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Acronis 2009-03-08 06:55 . 2009-03-08 06:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Acronis 2009-03-08 06:55 . 2009-03-08 06:55 44384 ----a-w c:\windows\system32\drivers\tifsfilt.sys 2009-03-08 06:55 . 2009-03-08 06:55 441760 ----a-w c:\windows\system32\drivers\timntr.sys 2009-03-08 06:55 . 2009-03-08 06:55 129248 ----a-w c:\windows\system32\drivers\snapman.sys 2009-03-08 06:55 . 2009-03-08 06:55 368736 ----a-w c:\windows\system32\drivers\tdrpman.sys 2009-03-08 06:55 . 2009-03-08 06:55 -------- d-----w c:\program files\Acronis 2009-03-08 06:36 . 2009-03-08 06:36 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\SolidWorks 2008 2009-03-08 06:33 . 2009-03-08 06:30 -------- d-----w c:\program files\Common Files\SolidWorks Shared 2009-03-08 06:30 . 2009-03-08 06:30 -------- d-----w c:\program files\Common Files\eDrawings2008 2009-03-08 06:30 . 2009-03-08 06:30 -------- d-----w c:\program files\AGEIA Technologies 2009-03-08 06:30 . 2009-03-08 06:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\SolidWorks 2009-03-08 06:27 . 2009-03-08 06:27 -------- d-----w c:\program files\MSBuild 2009-03-08 06:27 . 2009-03-08 06:27 201488 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2009-03-08 06:24 . 2009-03-08 06:24 -------- d-----w c:\program files\Reference Assemblies 2009-03-08 06:23 . 2009-03-08 06:23 -------- d-----w c:\program files\MSECache 2009-03-06 06:41 . 2009-03-06 06:41 -------- d-----w c:\program files\Ahead 2009-03-06 06:41 . 2009-03-06 06:41 -------- d-----w c:\program files\Common Files\Ahead 2009-03-06 06:39 . 2009-03-06 06:03 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Autodesk 2009-03-06 06:04 . 2009-03-04 06:09 137 ----a-w c:\documents and settings\Stawiarski M\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2009-03-06 06:04 . 2009-03-06 05:58 -------- d-----w c:\program files\Common Files\Autodesk Shared 2009-03-06 06:04 . 2009-03-06 06:03 -------- d-----w c:\program files\AutoCAD 2006 2009-03-06 06:04 . 2009-03-06 06:04 -------- d-----w c:\program files\AnswerWorks 4.0 2009-03-06 06:03 . 2009-03-06 06:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Autodesk 2009-03-06 05:58 . 2009-03-06 05:58 -------- d-----w c:\program files\Autodesk 2009-03-05 06:20 . 2008-05-16 17:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-03-04 12:58 . 2009-03-04 11:26 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Nowe Gadu-Gadu 2009-03-04 11:26 . 2009-03-04 11:26 -------- d-----w c:\program files\Nowe Gadu-Gadu 2009-03-04 11:20 . 2009-03-04 11:20 -------- d-----w c:\documents and settings\Stawiarski M\Dane aplikacji\Tlen.pl 2009-03-04 11:20 . 2009-03-04 11:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Tlen.pl 2009-03-04 11:19 . 2009-03-04 11:19 -------- d-----w c:\program files\Tlen.pl 2009-03-04 11:17 . 2009-03-04 11:17 -------- d-----w c:\program files\IrfanView 2009-03-04 11:14 . 2009-03-04 11:14 -------- d-----w c:\program files\Common Files\Java 2009-03-04 08:33 . 2009-03-04 06:31 89601 ----a-w c:\windows\system32\drivers\klick.dat 2009-03-04 08:33 . 2009-03-04 06:31 101287 ----a-w c:\windows\system32\drivers\klin.dat 2009-03-04 08:33 . 2007-03-03 20:39 112144 ----a-w c:\windows\system32\drivers\kl1.sys 2009-03-04 06:31 . 2009-03-04 06:31 -------- d-----w c:\program files\Kaspersky Lab 2009-03-04 06:24 . 2009-03-04 06:24 -------- d-----w c:\program files\Common Files\Fujitsu Siemens Computers 2009-03-04 06:24 . 2009-03-04 06:24 -------- d-----w c:\program files\Fujitsu Siemens Computers 2009-03-04 06:24 . 2009-03-04 06:24 516 ----a-w C:\RHDSetup.log 2009-03-04 06:24 . 2009-03-04 06:24 -------- d-----w c:\program files\Realtek 2009-03-04 06:24 . 2009-03-04 06:24 315392 ----a-w c:\windows\HideWin.exe 2009-03-04 06:23 . 2009-03-04 06:23 -------- d-----w c:\program files\Common Files\InstallShield 2009-03-04 06:11 . 2009-03-04 06:11 12 ----a-w c:\windows\system32\drivers\FSC__PI__ESPRIMO P5720 __FUJITSU SIEMENS_D2581-A1__Version 6.00 R1.12.2581.A1_FSC - 60000_6.00 R1.12.2581.A1 .MRK 2009-03-04 06:11 . 2008-05-16 16:48 1307 ----a-w C:\lang.txt 2008-05-16 17:29 . 2008-05-16 17:29 138 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat . ------- Sigcheck ------- [-] 2009-03-29 06:43 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\dllcache\TCPIP.SYS [-] 2009-03-29 06:43 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-15 15360] “Komunikator”=“c:\program files\Tlen.pl\tlen.exe” [2009-01-17 5853672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-03-21 166424] “HPWS myPrintMileage Agent”=“c:\program files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe” [2004-10-31 102400] “SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-04-16 148888] “RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2007-06-13 16377344] “NWTRAY”=“NWTRAY.EXE” - c:\windows\system32\nwtray.exe [2001-12-18 28672] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 [HKLM~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^adobe gamma loader.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^pdfcreator.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\PDFCreator.lnk backup=c:\windows\pss\PDFCreator.lnkCommon Startup [HKLM~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^przyspieszenie uruchomienia programu autocad.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk backup=c:\windows\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup [HKLM~\startupfolder\c:^documents and settings^stawiarski m^menu start^programy^autostart^aparat harmonogramu zadań solidworks.lnk] path=c:\documents and settings\Stawiarski M\Menu Start\Programy\Autostart\Aparat Harmonogramu zadań SolidWorks.lnk backup=c:\windows\pss\Aparat Harmonogramu zadań SolidWorks.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusDisableNotify”=dword:00000001 “UpdatesDisableNotify”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “c:\Program Files\Office\Office12\OUTLOOK.EXE”= “c:\Program Files\Skype\Phone\Skype.exe”= “c:\Program Files\Tlen.pl\tlen.exe”= R2 gupdate1c9a920495ba8;Usługa Google Update (gupdate1c9a920495ba8);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 133104] R3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] S0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344] S3 v0420vid;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{03c0f569-11ec-11de-a459-001999432e70}] \Shell\AutoRun\command - ur0.com \Shell\open\Command - ur0.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{03c0f56a-11ec-11de-a459-001999432e70}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{03c0f56b-11ec-11de-a459-001999432e70}] \Shell\AutoRun\command - J:\2.bat \Shell\open\Command - J:\2.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3599f4c3-137f-11de-a45b-001999432e70}] \Shell\AutoRun\command - I:\yh.cmd \Shell\open\Command - I:\yh.cmd . Zawartość folderu ‘Zaplanowane zadania’ 2009-04-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-20 05:51] 2009-04-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 05:52] . . ------- Skan uzupełniający ------- . IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000 TCP: {F3C652E2-084D-43B7-BDAD-2D37D215F406} = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Stawiarski M\Dane aplikacji\Mozilla\Firefox\Profiles\1euxhxhf.default\ FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\program files\Mozilla Firefox\extensions{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-23 08:52 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów … skanowanie ukrytych wpisów autostartu … skanowanie ukrytych plików … skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6621b595] “ImagePath”="\SystemRoot\System32\drivers\6621b595.sys" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\s-1-5-21-4228208204-2684636828-2764481345-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{b80ae19e-2379-11dd-b6f7-806d6172696f}] @SACL= “BaseClass”=“Drive” [HKEY_USERS\s-1-5-21-4228208204-2684636828-2764481345-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{b80ae19f-2379-11dd-b6f7-806d6172696f}] @SACL= “BaseClass”=“Drive” [HKEY_USERS\s-1-5-21-4228208204-2684636828-2764481345-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{b80ae1a0-2379-11dd-b6f7-806d6172696f}] @SACL= “BaseClass”=“Drive” . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > ‘winlogon.exe’(1116) c:\windows\system32\klogon.dll - - - - - - - > ‘Explorer.exe’(1640) c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll c:\windows\system32\NOVNPNT.DLL c:\windows\system32\MAPBASE.dll c:\windows\system32\NWSHLXNT.dll c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\program files\Tlen.pl\hook.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Czas ukończenia: 2009-04-23 8:54 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-04-23 06:54 ComboFix2.txt 2009-04-22 10:19 Przed: 7 099 113 472 bajtów wolnych Po: 7 081 316 352 bajtów wolnych 278