Wyskakujące okienka ze stronami dla dorosłych

piwoj · 15 Lipiec 2007 08:47

cześć… wyskakuje mi pełno okienek o zbereźnej treści. Być może mój współlokator właził na niedozwolone stronki. Bardzo proszę o pomoc bo komputer jest mi w tej chwili potrzebny. Wklejam log z hijacthis.

Logfile of HijackThis v1.99.1 Scan saved at 10:38:46, on 2007-07-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Microsoft Security Adviser\mssadv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\BitLord\BitLord.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe E:\ściągnięte\Port_Royale_2_PL\Port Royale 2\PR2.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Piotrek.K\USTAWI~1\Temp\Rar$EX00.391\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://torrenty.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.onet.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM…\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe O4 - HKLM…\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe O4 - HKLM…\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe O4 - HKLM…\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe O4 - HKLM…\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe O4 - HKLM…\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitLord\BitLord.exe” O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe O4 - HKCU…\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe O4 - HKCU…\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe O4 - HKCU…\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe O4 - HKCU…\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe O4 - HKCU…\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=www.onet.pl O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

arekmalek · 15 Lipiec 2007 20:43

Czysto. Log z combofix proszę :lol:

Złączono Posta : 15.07.2007 (Nie) 21:44

to fixujesz jeszcze

piwoj · 16 Lipiec 2007 00:03

wklejam log z combofix-a

“Piotrek” - 2007-07-16 1:59:17 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\svchost.exe C:\WINDOWS\system32{6E8F891B-0DAC-4B8D-8C73-5114A440864B}.exe C:\WINDOWS\system32\kernel32.exe ((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 ))))))))))))))))))))))))))))))) 2007-07-16 01:57 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-15 23:26 2007-07-15 12:50 30,720 --a------ C:\WINDOWS\internt.exe 2007-07-15 12:50 11,721 --a------ C:\WINDOWS\system32\mshlpa.exe 2007-07-15 10:26 2007-07-15 00:36 42,776 --a------ C:\WINDOWS\mssadv.dll 2007-07-15 00:36 11,776 --a------ C:\svchost2.exe 2007-07-15 00:36 2007-07-13 23:40 2007-07-13 22:32 2007-07-09 20:49 2007-07-07 12:53 2007-07-01 01:19 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-07-01 01:19 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-07-01 01:19 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-07-01 01:19 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-06-30 18:15 2007-06-30 18:15 2007-06-30 18:09 2007-06-30 17:41 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-06-28 00:02 2007-06-25 18:29 2007-06-25 18:25 2007-06-25 18:24 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-06-25 18:24 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll 2007-06-25 18:24 104,373 -ra------ C:\WINDOWS\system32\atiicdxx.dat 2007-06-25 18:24 2007-06-24 19:11 2007-06-24 16:50 2007-06-24 16:50 2007-06-24 16:50 2007-06-23 13:11 2007-06-23 13:09 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-06-23 13:09 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-06-23 13:09 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-06-23 13:09 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-23 13:09 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-23 13:09 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-06-23 13:09 2007-06-23 13:08 2007-06-23 00:24 2007-06-23 00:15 2007-06-20 23:04 2007-06-20 22:59 2007-06-20 22:59 2007-06-20 22:59 2007-06-20 22:57 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-06-20 22:57 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-06-20 22:57 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-06-20 17:45 2007-06-20 15:17 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-06-20 15:17 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-06-20 15:17 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-06-20 15:17 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-06-20 15:16 2007-06-20 15:15 2007-06-20 07:40 2007-06-19 23:31 2007-06-19 22:29 2007-06-19 15:54 2007-06-19 15:53 2007-06-19 15:53 2007-06-19 15:53 2007-06-19 15:49 2007-06-19 15:32 2007-06-19 15:29 2007-06-19 15:28 10,578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-19 13:46 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-06-19 13:44 2007-06-19 13:44 2007-06-19 13:44 2007-06-19 04:40 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-06-19 04:40 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-06-19 04:40 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-06-19 04:39 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-06-19 04:39 53,504 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys 2007-06-19 04:38 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll 2007-06-19 04:38 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll 2007-06-19 04:38 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll 2007-06-19 04:38 76,288 --a------ C:\WINDOWS\system32\uniime.dll 2007-06-19 04:38 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll 2007-06-19 04:38 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll 2007-06-19 04:37 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-06-19 04:37 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll 2007-06-19 04:37 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-06-19 04:37 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-06-19 04:37 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-06-19 04:37 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-06-19 04:37 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-06-19 04:37 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-06-19 04:37 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-06-19 04:37 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-06-19 04:37 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-06-19 04:37 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll 2007-06-19 04:37 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll 2007-06-19 04:37 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll 2007-06-19 04:37 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-06-19 04:37 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll 2007-06-19 04:37 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-06-19 04:37 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-27 18:39:17 -------- d-----w C:\DOCUME~1\Piotrek.K\DANEAP~1\Moje pliki Bitwy o Śródziemie™ II 2007-06-25 16:25:35 79,606 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-25 16:25:35 457,574 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-19 00:08:50 -------- d-----w C:\Program Files\Usługi online 2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll 2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-04-19 11:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-04-19 11:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-04-19 11:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-04-19 11:26:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-04-19 11:26:00 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-04-19 11:26:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-04-19 11:26:00 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-04-19 11:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-04-19 11:26:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-04-19 11:26:00 2,973,696 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-04-19 11:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-04-19 11:26:00 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-04-19 11:26:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-04-19 11:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-04-19 11:26:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-04-19 11:26:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-04-19 11:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-04-19 11:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-04-19 11:26:00 118,784 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-04-19 11:26:00 1,732,608 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-04-19 11:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-04-19 11:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-04-19 11:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll 2007-04-19 11:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-04-19 11:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-04-19 11:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll 2007-04-19 11:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2004-12-14 11:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] 2007-06-08 15:18 976424 --a------ C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RTHDCPL”=“RTHDCPL.EXE” [2005-05-04 11:28 C:\WINDOWS\RTHDCPL.EXE] “nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] “avgnt”=“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” [2007-04-02 10:35] “DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 17:05] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-20 07:40] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2005-09-13 00:48] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “HP Software Update”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [2003-06-25 11:24] “HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [2003-10-23 19:51] “Microsoft security adviser”=“C:\Program Files\Microsoft Security Adviser\mssadv.exe” [2007-07-15 00:36] “msctrl.exe”=“C:\Program Files\Microsoft Security Adviser\msctrl.exe” [] “msavsc.exe”=“C:\Program Files\Microsoft Security Adviser\msavsc.exe” [] “msscan.exe”=“C:\Program Files\Microsoft Security Adviser\msscan.exe” [] “msiemon.exe”=“C:\Program Files\Microsoft Security Adviser\msiemon.exe” [] “msfw.exe”=“C:\Program Files\Microsoft Security Adviser\msfw.exe” [] “mssadv.exe”="" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-06-08 15:18] “BitComet”=“C:\Program Files\BitLord\BitLord.exe” [2005-05-07 02:47] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-02-12 12:01] “Microsoft security adviser”=“C:\Program Files\Microsoft Security Adviser\mssadv.exe” [2007-07-15 00:36] “msctrl.exe”=“C:\Program Files\Microsoft Security Adviser\msctrl.exe” [] “msavsc.exe”=“C:\Program Files\Microsoft Security Adviser\msavsc.exe” [] “msscan.exe”=“C:\Program Files\Microsoft Security Adviser\msscan.exe” [] “msiemon.exe”=“C:\Program Files\Microsoft Security Adviser\msiemon.exe” [] “msfw.exe”=“C:\Program Files\Microsoft Security Adviser\msfw.exe” [] “mssadv.exe”="" [] “SpyVampire”=“C:\Program Files\SpyVampire\SpyVampire.exe” [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “{54645654-2225-4455-44A1-9F4543D34546}”=“C:\WINDOWS\system32\vbsys2.dll” [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{098db208-1e08-11dc-9dc7-806d6172696f}] AutoRun\command- H:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c8c44d1c-1e05-11dc-98bc-001485b48f46}] AutoRun\command- EXPLORER.EXE explore\Command- EXPLORER.EXE open\Command- EXPLORER.EXE *Newly Created Service* - WINDOWS_MANAGEMENT_SERVICE ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-16 02:00:42 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation scanning hidden processes … scanning hidden autostart entries … HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon System = csgkk.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = C:\WINDOWS\system32\userinit.exe, scanning hidden files … C:\WINDOWS\system32\csgkk.exe C:\WINDOWS\system32\dmzni.exe scan completed successfully hidden files: 2 ************************************************************************** Completion time: 2007-07-16 2:01:26 C:\ComboFix-quarantined-files.txt … 2007-07-16 02:01 — E O F —

arekmalek · 16 Lipiec 2007 08:49

Jednak trochę robaków jest.

Stosujesz TO, ustawiasz w tym programie znaczki na zielono, netbios może być na żółto.

pliczki i foldery usuwasz w trybie awaryjnym z wyłączonym przywracaniem systemu. Nowy log z combofix :lol:

Joan · 16 Lipiec 2007 12:47

arekmalek ostrzeżenie i zakaz pisania za byle jakie sprawdzanie logów.

Użyj SmitFraudFix z opcji 2 w trybie awaryjnym i po tym nowe logi z HJT i Silent Runners a także raport ze SmitFraudFix – plik c:\rapport.txt.

Skan AVG AntiSpyware 7.5 po update, wklej raport.

nowy log z combofixa koniecznie