Deleted folders (?)

The problem in brief:

A folder of mine has disappeared, literally, and it's not funny at all :-/

The option --> Show Hidden Folders doesn't work…

A Norton scan detects nothing…

I don't have any System Restore point…

I suspect a connection with Windows Update, although what connection could there be? That's the only thing I installed, and the next day the folder was gone…

HELP!

*********************************** ComboFix log: **********************************************

ComboFix 08-11-12.01 - Mc Cubeo 2008-11-13 17:41:43.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1174 [GMT 1:00]

Uruchomiony z: d:\sciagniete z neta\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Service_iprip

((((((((((((((((((((((((( Pliki utworzone od 2008-10-13 do 2008-11-13 )))))))))))))))))))))))))))))))

2008-11-12 17:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 17:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 17:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-10 18:44 . 2008-11-11 18:45 107,888 --a------ c:\windows\System32\CmdLineExt.dll

2008-11-10 18:20 . 2008-11-10 18:20

2008-11-06 20:46 . 2008-11-06 20:46

2008-11-06 20:46 . 2008-11-06 20:46 410,976 --a------ c:\windows\System32\deploytk.dll

2008-11-05 13:11 . 2008-11-05 13:11

2008-11-05 11:48 . 2008-11-05 11:48

2008-11-05 11:48 . 2008-11-05 11:48

2008-11-05 11:23 . 2008-11-05 11:23 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Shorten Codec.bmp

2008-11-05 11:23 . 2008-11-05 11:23 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Musepack Codec.bmp

2008-11-05 11:23 . 2008-11-05 11:23 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Midi Decoder.bmp

2008-11-05 11:23 . 2008-11-05 11:23 3,409 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Shorten Codec.dat

2008-11-05 11:23 . 2008-11-05 11:23 3,281 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Musepack Codec.dat

2008-11-05 11:23 . 2008-11-05 11:23 2,647 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Midi Decoder.dat

2008-11-05 11:18 . 2008-11-05 11:18 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp

2008-11-05 11:18 . 2008-11-05 11:18 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.bmp

2008-11-05 11:18 . 2008-11-05 11:18 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp

2008-11-05 11:18 . 2008-11-05 11:18 3,182 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat

2008-11-05 11:18 . 2008-11-05 11:18 3,105 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat

2008-11-05 11:18 . 2008-11-05 11:18 3,006 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat

2008-11-05 11:17 . 2008-11-05 11:17 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp

2008-11-05 11:17 . 2008-11-05 11:17 11,471 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat

2008-11-05 11:14 . 2008-11-05 11:13 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp

2008-11-05 11:14 . 2008-11-05 11:14 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp

2008-11-05 11:14 . 2008-11-05 11:14 33,846 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.bmp

2008-11-05 11:14 . 2008-11-05 11:14 3,623 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

2008-11-05 11:14 . 2008-11-05 11:14 3,063 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat

2008-11-05 11:14 . 2008-11-05 11:14 2,985 --a------ c:\windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat

2008-11-03 13:33 . 2008-11-03 13:56

2008-11-03 13:33 . 2008-11-03 13:33 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS

2008-11-03 13:33 . 2008-11-03 13:32 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys

2008-11-03 13:33 . 2008-11-03 13:33 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT

2008-11-03 13:33 . 2008-11-03 13:33 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF

2008-11-03 13:32 . 2008-11-13 17:15

2008-11-03 13:32 . 2008-11-03 13:33

2008-11-03 13:32 . 2008-11-03 13:33

2008-11-03 13:27 . 2008-11-03 13:27

2008-11-03 13:27 . 2008-11-03 13:27

2008-11-03 13:27 . 2008-11-03 13:27

2008-11-02 14:47 . 2008-11-04 14:17

2008-10-29 18:50 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-29 18:50 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-29 18:49 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-26 14:07 . 2008-10-26 14:07

2008-10-25 17:08 . 2008-10-25 17:08

2008-10-19 20:26 . 2008-10-19 20:26

2008-10-18 20:13 . 2008-10-18 20:13

2008-10-17 16:17 . 2008-10-26 13:59

2008-10-17 16:17 . 2008-10-26 13:59

2008-10-17 16:17 . 2008-10-26 13:59

2008-10-15 09:14 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-15 09:14 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-15 09:14 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-14 17:02 . 2008-11-03 11:00

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-11-13 16:14 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\uTorrent

2008-11-13 15:42 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-13 15:42 --------- d-----w c:\program files\Mc Cubeo

2008-11-07 11:25 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Any Video Converter

2008-11-05 18:02 --------- d-----w c:\program files\ATI Technologies

2008-11-05 10:22 653,176 ----a-w c:\windows\System32\SpoonUninstall.exe

2008-11-02 13:13 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\GHISLER

2008-10-26 13:07 --------- d-----w c:\program files\Windows Live

2008-10-23 14:40 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Nero

2008-10-18 20:23 --------- d-----w c:\program files\Common Files\InstallShield

2008-10-15 08:24 --------- d-----w c:\program files\Windows Mail

2008-10-12 14:46 --------- d-----w c:\programdata\Nero

2008-10-12 14:34 --------- d-----w c:\program files\Common Files\Nero

2008-10-12 11:17 --------- d-----w c:\program files\Common Files\Ahead

2008-10-11 16:27 --------- d-----w c:\programdata\Nokia

2008-10-11 16:23 --------- d-----w c:\programdata\Installations

2008-10-11 16:23 --------- d-----w c:\program files\Nokia

2008-10-11 16:23 --------- d-----w c:\program files\Common Files\Nokia

2008-10-11 15:38 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Winamp

2008-10-11 08:20 --------- d-----w c:\program files\MSXML 4.0

2008-10-09 17:47 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\Gadu-Gadu

2008-10-09 16:05 33 ----a-w c:\windows\system32\drivers\adidsl.cfg

2008-10-09 16:05 --------- d-----w c:\program files\SAGEM

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 16:59 --------- d-----w c:\programdata\Microsoft Help

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-26 17:04 716,272 ----a-w c:\windows\system32\drivers\sptd.sys

2008-09-24 03:09 3,976,192 ----a-w c:\windows\system32\drivers\atikmdag.sys

2008-09-24 02:20 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll

2008-09-24 02:19 159,744 ----a-w c:\windows\System32\atitmmxx.dll

2008-09-24 02:18 43,520 ----a-w c:\windows\System32\ati2edxx.dll

2008-09-24 02:18 327,680 ----a-w c:\windows\System32\atipdlxx.dll

2008-09-24 02:18 270,336 ----a-w c:\windows\System32\Ati2evxx.dll

2008-09-24 02:18 262,144 ----a-w c:\windows\System32\Oemdspif.dll

2008-09-24 02:16 704,512 ----a-w c:\windows\System32\Ati2evxx.exe

2008-09-24 02:08 2,201,088 ----a-w c:\windows\System32\atidxx32.dll

2008-09-24 02:02 3,922,432 ----a-w c:\windows\System32\atiumdag.dll

2008-09-24 01:46 10,428,416 ----a-w c:\windows\System32\atioglxx.dll

2008-09-24 01:41 4,690,432 ----a-w c:\windows\System32\atiumdva.dll

2008-09-24 01:27 50,688 ----a-w c:\windows\System32\amdpcom32.dll

2008-09-24 01:27 50,176 ----a-w c:\windows\System32\atiadlxx.dll

2008-09-24 01:10 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2008-09-20 17:10 --------- d-----w c:\programdata\Apple Computer

2008-09-20 15:31 --------- d-----w c:\users\Mc Cubeo\AppData\Roaming\dBpoweramp

2008-09-19 14:53 41,752 ----a-w c:\windows\system32\drivers\InCDRm.sys

2008-09-19 14:53 40,216 ----a-w c:\windows\system32\drivers\InCDPass.sys

2008-09-19 14:53 19,352 ----a-w c:\windows\system32\drivers\InCDRec.sys

2008-09-19 14:53 129,560 ----a-w c:\windows\system32\drivers\InCDFs.sys

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-09-14 19:57 --------- d-----w c:\programdata\InstallShield

2008-09-08 08:11 81,920 ----a-w c:\users\Mc Cubeo\AppData\Roaming\ezpinst.exe

2008-09-08 08:11 47,360 ----a-w c:\users\Mc Cubeo\AppData\Roaming\pcouffin.sys

2008-07-24 15:58 174 --sha-w c:\program files\desktop.ini

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-09-19 15:53 98328 --a------ c:\program files\Mc Cubeo\Nero 9\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3428010566-3538395600-4151627148-1001]

"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{35498E76-AACB-43D5-89DF-43BF8C249E28}"= UDP:c:\program files\Mc Cubeo\Torrent\uTorrent.exe:µTorrent (TCP-In)

"{B172E8F6-1901-4E83-96BF-D49D517F6F31}"= TCP:c:\program files\Mc Cubeo\Torrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{78C5EA29-2195-451E-8912-DF7A5C904C1D}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{933F4253-32EC-435F-A901-555073CBB725}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{77CDB3CB-0E70-42EF-9DE4-F1081D0BFBB4}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{9EC2D144-B011-4AD7-957D-55C944D655D8}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{2C2FA7A1-36D8-4EAA-93DC-9E54CCD543EA}c:\windows\system32\java.exe"= UDP:c:\windows\system32\java.exe:Java Platform SE binary

"UDP Query User{9582E7D3-B1A2-446C-9719-E70D83EE47B8}c:\windows\system32\java.exe"= TCP:c:\windows\system32\java.exe:Java Platform SE binary

"TCP Query User{32485349-FEB0-443B-B028-F05F15BFBF4F}c:\program files\mc cubeo\firefox\firefox.exe"= UDP:c:\program files\mc cubeo\firefox\firefox.exe:Firefox

"UDP Query User{91A9EE8D-4B9E-4F9A-A478-45DD5497A4EB}c:\program files\mc cubeo\firefox\firefox.exe"= TCP:c:\program files\mc cubeo\firefox\firefox.exe:Firefox

"TCP Query User{438D6196-BCE4-4EAE-9E35-9B93BF416F15}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{F5AC13B0-2D26-463D-9BC5-33162DC72561}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{63CC6CFE-6245-4DDD-940B-E3F1C6BC440A}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{EF678DE9-4FA1-433F-9B1F-863BA8C985B2}c:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{77D1475F-3A2C-475B-A6DD-A25213B9D58A}c:\program files\mc cubeo\chrome specforce\specforce.exe"= UDP:c:\program files\mc cubeo\chrome specforce\specforce.exe:SpecForce

"UDP Query User{DA6B452F-7875-46DF-B0CC-568A763240ED}c:\program files\mc cubeo\chrome specforce\specforce.exe"= TCP:c:\program files\mc cubeo\chrome specforce\specforce.exe:SpecForce

"TCP Query User{B9FE2495-5389-4090-863F-4B6A3311688F}c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe"= UDP:c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe:DawnOfMagic

"UDP Query User{775502B9-F73F-498C-89AB-20E57ED6A3F3}c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe"= TCP:c:\program files\mc cubeo\dawn of magic\dawnofmagic.exe:DawnOfMagic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]

"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-05 255536]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-11-03 362544]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081110.001\IDSvix86.sys [2008-11-03 289840]

R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-24 3976192]

R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-11-03 40496]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

Zawartość folderu 'Zaplanowane zadania'

2008-07-24 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

  • c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

------- Skan uzupełniający -------

FireFox -: Profile - c:\users\Mc Cubeo\AppData\Roaming\Mozilla\Firefox\Profiles\bt2f1i0c.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\npnul32.dll

FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\nppl3260.dll

FF -: plugin - c:\program files\Mc Cubeo\Firefox\plugins\nprpjplug.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin2.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin3.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin4.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin5.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin6.dll

FF -: plugin - c:\program files\Mc Cubeo\Quick Time\Plugins\npqtplugin7.dll

FF -: plugin - c:\program files\Mc Cubeo\Real Alternative\browser\plugins\nppl3260.dll

FF -: plugin - c:\program files\Mc Cubeo\Real Alternative\browser\plugins\nprpjplug.dll

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-13 17:46:35

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

------------------------ Pozostałe uruchomione procesy ------------------------

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Mc Cubeo\Nero 9\Nero 9\InCD\NBHRegInCDSrv.exe

c:\program files\Mc Cubeo\Norton 2009\Engine\16.0.0.125\ccSvcHst.exe

c:\windows\System32\TCPSVCS.EXE

c:\windows\System32\snmp.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\conime.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\WerFault.exe

**************************************************************************

Czas ukończenia: 2008-11-13 17:48:35 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-11-13 16:48:24

Przed: 69 607 694 336 bajtów wolnych

Po: 69,394,305,024 bajtów wolnych

257 --- E O F --- 2008-11-12 16:42:04

********************************** HijackThis log: *************************************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:13:39, on 2008-11-13

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\Explorer.exe

C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\ccSvcHst.exe

C:\Program Files\Mc Cubeo\Firefox\firefox.exe

C:\Program Files\Mc Cubeo\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\coIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{89569757-1400-4ECF-9D36-845FE202C590}: NameServer = 83.238.255.76 213.241.79.37

O20 - AppInit_DLLs:

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Mc Cubeo\Nero 9\Nero 9\InCD\NBHRegInCDSrv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Mc Cubeo\Norton 2009\Engine\16.1.0.33\ccSvcHst.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

End of file - 4610 bytes

Help

First of all, paste logs at http://www.wklej.org

Second, try to recover that folder with these programs:

http://dobreprogramy.pl/index.php?dz=2& … ofessional

http://dobreprogramy.pl/index.php?dz=2& … a+1.09.194

Don't stress.

I'm new here…

I'm scanning with PC File Recovery…

Nothing works…

None of the listed programs worked…