omboFix 08-06-30.2 - NTN 2008-07-01 19:05:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.207 [GMT 1:00]
Running from: C:\Documents and Settings\NTN\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\system32\loadsftpf.dat
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-07-01 18:13 . 2008-07-01 18:13
2008-07-01 18:13 . 2008-07-01 18:13
2008-06-30 21:16 . 2008-06-30 21:22
2008-06-29 10:28 . 2008-06-29 10:28 85,504 --a------ C:\WINDOWS\twain_16.dll
2008-06-29 10:14 . 2008-06-30 22:40 32,120 --a------ C:\WINDOWS\system32\wpx2.cpx
2008-06-29 10:10 . 2008-06-29 10:10 109,056 --a------ C:\WINDOWS\system32\wpx5.cpx
2008-06-29 10:10 . 2008-06-29 10:10 20,552 --a------ C:\WINDOWS\system32\wpx7.cpx
2008-06-29 00:08 . 2008-06-29 00:08 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-13 12:55 . 2008-06-13 12:55
2008-06-13 12:55 . 2008-06-13 12:55 0 --a------ C:\WINDOWS\iPlayer.INI
2008-06-09 21:06 . 2008-06-09 21:06
2008-06-09 21:06 . 2008-06-09 21:06
2008-06-09 21:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 21:05 . 2008-06-09 21:06
2008-06-09 21:05 . 2008-06-09 21:05
2008-06-09 20:37 . 2008-06-09 20:37
2008-06-09 20:37 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-09 07:52 . 2008-06-09 07:52
2008-06-09 07:52 . 2008-06-28 22:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-09 07:49 . 2008-06-16 12:33
2008-06-09 07:48 . 2008-06-09 07:48
2008-06-09 07:48 . 2008-06-09 07:50
2008-06-09 07:48 . 2008-06-09 07:48
2008-06-09 07:48 . 2008-06-09 07:48 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-09 07:47 . 2008-06-09 07:52
2008-06-09 07:47 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-09 07:46 . 2008-06-09 07:46
2008-06-09 07:46 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-09 07:46 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-05 21:08 . 2002-08-29 01:32 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-05 21:00 . 2008-06-05 21:00
2008-06-05 21:00 . 2008-06-05 21:00 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-05 21:00 . 2008-06-05 21:00 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-05 21:00 . 2008-06-20 23:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-06-05 21:00 . 2008-06-05 21:00 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-06-04 09:30 . 2008-06-04 09:30
2008-06-04 09:23 . 2008-06-29 18:09
2008-06-04 09:22 . 2008-06-04 09:23
2008-06-04 09:22 . 2008-07-01 17:23
2008-06-04 09:22 . 2008-06-04 09:22 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-04 09:20 . 2008-06-04 09:20
2008-06-04 09:20 . 2008-06-04 09:20
2008-06-04 09:20 . 2008-07-01 18:49
2008-06-04 09:20 . 2008-06-04 09:20
2008-06-03 22:55 . 2008-07-01 18:13
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 23:09
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-09 21:06
2008-06-03 22:55 . 2008-06-13 12:55
2008-06-03 22:55 . 2008-06-29 00:08
2008-06-03 22:55 . 2008-06-03 23:10
2008-06-03 22:54 . 2008-07-01 19:00
2008-06-03 22:54 . 2008-06-03 22:54
2008-06-03 22:54 . 2008-06-03 22:55
2008-06-03 22:54 . 2008-06-03 23:12
2008-06-03 22:54 . 2008-06-04 09:22
2008-06-03 22:54 . 2008-06-03 23:12
2008-06-03 22:54 . 2008-06-03 23:22
2008-06-03 22:54 . 2003-04-16 13:00 1,901,593 --a–c— C:\WINDOWS\system32\dllcache\NT5.CAT
2008-06-03 22:54 . 2003-04-16 13:00 1,086,182 -ra------ C:\WINDOWS\SET3.tmp
2008-06-03 22:54 . 2003-04-16 13:00 486,272 --a–c— C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-06-03 22:54 . 2003-04-16 13:00 13,923 -ra------ C:\WINDOWS\SET7.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 06:46 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-06-04 20:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 22:52 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-06-03 22:52 --------- d-----w C:\Program Files\AvRack
2008-06-03 22:51 --------- d-----w C:\Documents and Settings\NTN\Dane aplikacji\InterTrust
2008-06-03 22:46 --------- d-----w C:\Program Files\Creative
2008-06-03 22:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-03 22:29 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-03 22:12 --------- d-----w C:\Program Files\Usługi online
2008-06-03 22:12 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2003-04-16 13:00 13312]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:26 22014760]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2006-11-23 15:10 56928]
“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-12-05 22:55 54832]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 15:40 155648]
“SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 12:23 1620480]
“InCD”=“C:\Program Files\Nero\Nero 7\InCD\InCD.exe” [2007-02-12 12:19 1050112]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-16 00:19 79224]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe” [2008-03-25 04:28 144784]
“SoundMan”=“SOUNDMAN.EXE” [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2003-04-16 13:00 13312]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 00:20]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems]
“Windows”= basempjaf32.dll
*Newly Created Service* - CATCHME
.
HKCU-Run-iexplorer - C:\WINDOWS\iexplorer.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:05:58
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\csrss.exe
- C:\WINDOWS\system32\basempjaf32.dll
.
Completion time: 2008-07-01 19:06:23
ComboFix-quarantined-files.txt 2008-07-01 18:06:20
Pre-Run: 27,957,080,064 bajtów wolnych
Post-Run: 28,069,138,432 bajtów wolnych
140
to jest to??
W dniu 01.07.2008 , o godzinie 20:09 został dopisany post przez magneto1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:44, on 2008-07-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\NTN\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.eu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ … leId=21871
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
–
End of file - 6106 bytes
W dniu 01.07.2008 , o godzinie 20:16 został dopisany post przez magneto1
no i co dalej ??? :?: ![-o<
W dniu 01.07.2008 , o godzinie 20:20 został dopisany post przez magneto1
leon, come on
W dniu 01.07.2008 , o godzinie 20:26 został dopisany post przez magneto1
Pomocy!!
W dniu 01.07.2008 , o godzinie 20:29 został dopisany post przez magneto1
Leon$ , ![-o<
W dniu 01.07.2008 , o godzinie 20:30 został dopisany post przez magneto1
co mam dalej robić?? prosze piszciee ![-o<