Briefly, the problem:
A folder of mine has disappeared, literally; not funny at all :-/
The option --> Show Hidden Folders doesn't work...
A scan with Norton detects nothing...
I don't have any System Restore point...
I suspect a connection with Windows Update, although what connection could that be? That's the only thing I installed, and the next day the folder was gone...
HELP!
*********************************** ComboFix log: **********************************************
ComboFix 08-11-12.01 - Mc Cubeo 2008-11-13 17:41:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1174 [GMT 1:00]
Running from: d:\sciagniete z neta\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_iprip
((((((((((((((((((((((((( Files created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
2008-11-12 17:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 17:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 17:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 18:44 . 2008-11-11 18:45 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-10 18:20 . 2008-11-10 18:20
2008-11-06 20:46 . 2008-11-06 20:46
2008-11-06 20:46 . 2008-11-06 20:46 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-05 13:11 . 2008-11-05 13:11
2008-11-05 11:48 . 2008-11-05 11:48
2008-11-05 11:48 . 2008-11-05 11:48
2008-11-05 11:23 . 2008-11-05 11:23 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Shorten Codec.bmp
2008-11-05 11:23 . 2008-11-05 11:23 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Musepack Codec.bmp
2008-11-05 11:23 . 2008-11-05 11:23 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Midi Decoder.bmp
2008-11-05 11:23 . 2008-11-05 11:23 3,409 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Shorten Codec.dat
2008-11-05 11:23 . 2008-11-05 11:23 3,281 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Musepack Codec.dat
2008-11-05 11:23 . 2008-11-05 11:23 2,647 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Midi Decoder.dat
2008-11-05 11:18 . 2008-11-05 11:18 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-11-05 11:18 . 2008-11-05 11:18 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.bmp
2008-11-05 11:18 . 2008-11-05 11:18 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2008-11-05 11:18 . 2008-11-05 11:18 3,182 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-11-05 11:18 . 2008-11-05 11:18 3,105 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-11-05 11:18 . 2008-11-05 11:18 3,006 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2008-11-05 11:17 . 2008-11-05 11:17 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2008-11-05 11:17 . 2008-11-05 11:17 11,471 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-11-05 11:14 . 2008-11-05 11:13 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
2008-11-05 11:14 . 2008-11-05 11:14 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-11-05 11:14 . 2008-11-05 11:14 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-11-05 11:14 . 2008-11-05 11:14 3,623 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-11-05 11:14 . 2008-11-05 11:14 3,063 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-11-05 11:14 . 2008-11-05 11:14 2,985 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-11-03 13:33 . 2008-11-03 13:56
2008-11-03 13:33 . 2008-11-03 13:33 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-03 13:33 . 2008-11-03 13:32 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-11-03 13:33 . 2008-11-03 13:33 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-03 13:33 . 2008-11-03 13:33 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-03 13:32 . 2008-11-13 17:15
2008-11-03 13:32 . 2008-11-03 13:33
2008-11-03 13:32 . 2008-11-03 13:33
2008-11-03 13:27 . 2008-11-03 13:27
2008-11-03 13:27 . 2008-11-03 13:27
2008-11-03 13:27 . 2008-11-03 13:27
2008-11-02 14:47 . 2008-11-04 14:17
2008-10-29 18:50 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 18:50 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-29 18:49 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-26 14:07 . 2008-10-26 14:07
2008-10-25 17:08 . 2008-10-25 17:08
2008-10-19 20:26 . 2008-10-19 20:26
2008-10-18 20:13 . 2008-10-18 20:13
2008-10-17 16:17 . 2008-10-26 13:59
2008-10-17 16:17 . 2008-10-26 13:59
2008-10-17 16:17 . 2008-10-26 13:59
2008-10-15 09:14 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 09:14 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 09:14 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-14 17:02 . 2008-11-03 11:00
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-11-13 16:14 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\uTorrent
2008-11-13 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 15:42 --------- d-----w c:\program files\Mc Cubeo
2008-11-07 11:25 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Any Video Converter
2008-11-05 18:02 --------- d-----w c:\program files\ATI Technologies
2008-11-05 10:22 653,176 ----a-w c:\windows\System32\SpoonUninstall.exe
2008-11-02 13:13 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\GHISLER
2008-10-26 13:07 --------- d-----w c:\program files\Windows Live
2008-10-23 14:40 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Nero
2008-10-18 20:23 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-15 08:24 --------- d-----w c:\program files\Windows Mail
2008-10-12 14:46 --------- d-----w c:\programdata\Nero
2008-10-12 14:34 --------- d-----w c:\program files\Common Files\Nero
2008-10-12 11:17 --------- d-----w c:\program files\Common Files\Ahead
2008-10-11 16:27 --------- d-----w c:\programdata\Nokia
2008-10-11 16:23 --------- d-----w c:\programdata\Installations
2008-10-11 16:23 --------- d-----w c:\program files\Nokia
2008-10-11 16:23 --------- d-----w c:\program files\Common Files\Nokia
2008-10-11 15:38 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Winamp
2008-10-11 08:20 --------- d-----w c:\program files\MSXML 4.0
2008-10-09 17:47 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Gadu-Gadu
2008-10-09 16:05 33 ----a-w c:\windows\system32\drivers\adidsl.cfg
2008-10-09 16:05 --------- d-----w c:\program files\SAGEM
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:59 --------- d-----w c:\programdata\Microsoft Help
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-26 17:04 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-24 03:09 3,976,192 ----a-w c:\windows\system32\drivers\atikmdag.sys
2008-09-24 02:20 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2008-09-24 02:19 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2008-09-24 02:18 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2008-09-24 02:18 327,680 ----a-w c:\windows\System32\atipdlxx.dll
2008-09-24 02:18 270,336 ----a-w c:\windows\System32\Ati2evxx.dll
2008-09-24 02:18 262,144 ----a-w c:\windows\System32\Oemdspif.dll
2008-09-24 02:16 704,512 ----a-w c:\windows\System32\Ati2evxx.exe
2008-09-24 02:08 2,201,088 ----a-w c:\windows\System32\atidxx32.dll
2008-09-24 02:02 3,922,432 ----a-w c:\windows\System32\atiumdag.dll
2008-09-24 01:46 10,428,416 ----a-w c:\windows\System32\atioglxx.dll
2008-09-24 01:41 4,690,432 ----a-w c:\windows\System32\atiumdva.dll
2008-09-24 01:27 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2008-09-24 01:27 50,176 ----a-w c:\windows\System32\atiadlxx.dll
2008-09-24 01:10 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-09-20 17:10 --------- d-----w c:\programdata\Apple Computer
2008-09-20 15:31 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\dBpoweramp
2008-09-19 14:53 41,752 ----a-w c:\windows\system32\drivers\InCDRm.sys
2008-09-19 14:53 40,216 ----a-w c:\windows\system32\drivers\InCDPass.sys
2008-09-19 14:53 19,352 ----a-w c:\windows\system32\drivers\InCDRec.sys
2008-09-19 14:53 129,560 ----a-w c:\windows\system32\drivers\InCDFs.sys
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-14 19:57 --------- d-----w c:\programdata\InstallShield
2008-09-08 08:11 81,920 ----a-w c:\users\Mc Cubeo\AppData\Roaming\ezpinst.exe
2008-09-08 08:11 47,360 ----a-w c:\users\Mc Cubeo\AppData\Roaming\pcouffin.sys
2008-07-24 15:58 174 --sha-w c:\program files\desktop.ini
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-19 15:53 98328 --a------ c:\program files\Mc Cubeo\Nero 9\Nero 9\InCD\NBHshx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3428010566-3538395600-4151627148-1001]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35498E76-AACB-43D5-89DF-43BF8C249E28}"= UDP:c:\program files\Mc Cubeo\Torrent\uTorrent.exe:µTorrent (TCP-In)
"{B172E8F6-1901-4E83-96BF-D49D517F6F31}"= TCP:c:\program files\Mc Cubeo\Torrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{78C5EA29-2195-451E-8912-DF7A5C904C1D}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{933F4253-32EC-435F-A901-555073CBB725}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{77CDB3CB-0E70-42EF-9DE4-F1081D0BFBB4}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{9EC2D144-B011-4AD7-957D-55C944D655D8}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{2C2FA7A1-36D8-4EAA-93DC-9E54CCD543EA}c:\windows\system32\java.exe"= UDP:c:\windows\system32\java.exe:Java Platform SE binary
"UDP Query User{9582E7D3-B1A2-446C-9719-E70D83EE47B8}c:\windows\system32\java.exe"= TCP:c:\windows\system32\java.exe:Java Platform SE binary
"TCP Query User{32485349-FEB0-443B-B028-F05F15BFBF4F}c:\program files\mc cubeo\firefox\firefox.exe"= UDP:c:\program files\mc cubeo\firefox\firefox.exe:Firefox
"UDP Query User{91A9EE8D-4B9E-4F9A-A478-45DD5497A4EB}c:\program files\mc cubeo\firefox\firefox.exe"= TCP:c:\program files\mc cubeo\firefox\firefox.exe:Firefox
"TCP Query User{438D6196-BCE4-4EAE-9E35-9B93BF416F15}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{F5AC13B0-2D26-463D-9BC5-33162DC72561}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{63CC6CFE-6245-4DDD-940B-E3F1C6BC440A}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{EF678DE9-4FA1-433F-9B1F-863BA8C985B2}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{77D1475F-3A2C-475B-A6DD-A25213B9D58A}c:\program files\mc cubeo\chrome specforce\specforce.exe"= UDP:c:\program files\mc cubeo\chrome specforce\specforce.exe:SpecForce
"UDP Query User{DA6B452F-7875-46DF-B0CC-568A763240ED}c:\program files\mc cubeo\chrome specforce\specforce.exe"= TCP:c:\program files\mc cubeo\chrome specforce\specforce.exe:SpecForce
"TCP Query User{B9FE2495-5389-4090-863F-4B6A3311688F}c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe"= UDP:c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe:DawnOfMagic
"UDP Query User{775502B9-F73F-498C-89AB-20E57ED6A3F3}c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe"= TCP:c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe:DawnOfMagic
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-05 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-11-03 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081110.001\IDSvix86.sys [2008-11-03 289840]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-24 3976192]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-11-03 40496]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“c:\program files\Common Files\LightScribe\LSRunOnce.exe”
Contents of the 'Scheduled Tasks' folder
2008-07-24 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
------- Supplementary scan -------
FireFox -: Profile - c:\users\Mc Cubeo\AppData\Roaming\Mozilla\Firefox\Profiles\bt2f1i0c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\npnul32.dll
FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\nppl3260.dll
FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin6.dll
FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin7.dll
FF -: plugin - c:\program files\Mc Cubeo\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\Mc Cubeo\Real Alternative\browser\plugins\nprpjplug.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 17:46:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
------------------------ Remaining running processes ------------------------
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Mc Cubeo\Nero 9\Nero 9\InCD\NBHRegInCDSrv.exe
c:\program files\Mc Cubeo\Norton 2009\Engine\16.0.0.125\ccSvcHst.exe
c:\windows\System32\TCPSVCS.EXE
c:\windows\System32\snmp.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WerFault.exe
**************************************************************************
Completion time: 2008-11-13 17:48:35 - the computer was restarted
ComboFix-quarantined-files.txt 2008-11-13 16:48:24
Before: 69,607,694,336 bytes free
After: 69,394,305,024 bytes free
257 --- E O F --- 2008-11-12 16:42:04
********************************** HijackThis log: *************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:39, on 2008-11-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\Mc Cubeo\Firefox\firefox.exe
C:\Program Files\Mc Cubeo\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{89569757-1400-4ECF-9D36-845FE202C590}: NameServer = 83.238.255.76 213.241.79.37
O20 - AppInit_DLLs:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Mc Cubeo\Nero 9\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
End of file - 4610 bytes
Help
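The ComboFix log above mixes a file listing with registry policy dumps, and the items a responder would pull out first are easy to miss by eye: the entries whose attribute column carries hidden or system flags (the `desktop.ini` line with `--sha-w`, the InstallShield directory with `d--h--w`), the `EnableFirewall= 0` value under all three Windows Firewall profiles, and the `AntiVirusOverride`/`AntiSpywareOverride` values under Security Center. The script below is an added example written for this page, not part of the original post and not ComboFix's own code; it parses lines in the log's format and returns those findings as a list. The sample input is a constructed excerpt copied in shape from the log (with straight quotes), and reading the attribute letters as attrib-style flags (h = hidden, s = system) is an assumption.

```python
"""Triage a ComboFix log: list hidden/system file entries and registry
policy values that weaken host defences (firewall off per profile,
Security Center AV/AS overrides). Added example, not ComboFix code."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str     # "hidden_or_system_file", "firewall_disabled" or "security_center_override"
    subject: str  # file path, firewall profile name or registry value name
    detail: str   # the raw evidence taken from the log line


# Constructed sample: lines copied in shape from the "Files created", Find3M
# and registry sections of the log above.
SAMPLE_LOG = """\
2008-11-03 13:33 . 2008-11-03 13:32 25,136 -ra------ c:\\windows\\System32\\drivers\\SymIMV.sys
2008-11-13 15:42 --------- d--h--w c:\\program files\\InstallShield Installation Information
2008-11-13 15:42 --------- d-----w c:\\program files\\Mc Cubeo
2008-11-05 10:22 653,176 ----a-w c:\\windows\\System32\\SpoonUninstall.exe
2008-07-24 15:58 174 --sha-w c:\\program files\\desktop.ini
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})"        # modification timestamp
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"  # second timestamp in the "Files created" section
    r"\s+(\S+)"                                # size, or --------- for a directory
    r"\s+([drshaw-]{7,9})"                     # attrib-style flag column (assumed letters)
    r"\s+(.+?)\s*$"                            # path
)
_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')


def _int_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None if not numeric."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return the Findings worth checking by hand, in log order."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = _FILE_RE.match(line)
        if m:
            stamp, size, attrs, path = m.groups()
            # Assumption: h = hidden, s = system, as in attrib output.
            if set(attrs) & {"h", "s"}:
                findings.append(Finding("hidden_or_system_file", path,
                                        f"attrs={attrs} size={size} mtime={stamp}"))
            continue
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1)   # values that follow belong to this key
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue                    # headers, truncated lines, anything else
        name, raw = m.groups()
        value = _int_value(raw)
        key_l = current_key.lower()
        if name == "EnableFirewall" and value == 0 and "\\firewallpolicy\\" in key_l:
            profile = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("firewall_disabled", profile, f"{name}={raw}"))
        elif (name in ("AntiVirusOverride", "AntiSpywareOverride") and value == 1
              and key_l.endswith("security center\\svc")):
            findings.append(Finding("security_center_override", name, f"{name}={raw}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.subject:50} {f.detail}")
```

The output is a list to verify, not a verdict: a third-party suite that registers with Security Center, such as the Norton Internet Security seen running in this log, commonly accounts for the override and firewall values, and `desktop.ini` is routinely a hidden system file. What the list gives you is the set of lines to compare against the user's complaint (a folder that no longer shows even with hidden items enabled) before blaming Windows Update or malware.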