Want your HijackThis log checked? Paste it here...

Status
Closed.

Szalony Kojot

User
Joined
August 31, 2006
Posts
176
Here are the logs from ComboFix; I don't know where to put them, so I'm posting them here:

ComboFix 07-11-08.1 - Azi 2007-11-17 13:11:46.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.409 [GMT 1:00]
Running from: E:ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 13:08 51,200 --a------ C:WINDOWSNirCmd.exe
2007-11-15 15:37 <DIR> d-------- C:program FilesOpera
2007-11-15 15:12 <DIR> d-------- C:WINDOWSDED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-11-15 15:12 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiLavasoft
2007-11-15 15:02 <DIR> d--hs---- C:FOUND.002
2007-11-15 14:07 <DIR> dr-h----- C:program Filesrnamfler
2007-11-15 10:12 <DIR> d--hs---- C:FOUND.001
2007-11-14 08:16 <DIR> d-------- C:program FilesAshampoo
2007-11-03 19:44 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiDAEMON Tools Pro
2007-11-03 11:50 <DIR> d-------- C:program FilesDAEMON Tools Pro
2007-11-01 19:35 <DIR> d-------- C:program FilesDownload Express
2007-11-01 19:35 <DIR> d-------- C:Documents and SettingsDefault UserDane aplikacjiMetaProducts
2007-11-01 19:35 <DIR> d-------- C:Documents and SettingsAziDane aplikacjiMetaProducts
2007-11-01 18:21 <DIR> d-------- C:Documents and SettingsAziDane aplikacjitheimagingfactory
2007-10-30 17:15 <DIR> d-------- C:Documents and SettingsAziDane aplikacjiDAEMON Tools Pro
2007-10-30 17:14 90,112 --a------ C:progr_.dll
2007-10-29 16:43 98,304 --a------ C:WINDOWSsystem32CmdLineExt.dll
2007-10-28 21:20 <DIR> d--h----- C:host
2007-10-28 21:13 663,716 --ah----- C:WINDOWSsvhosted.exe
2007-10-28 18:52 53,248 --a------ C:WINDOWSsystem32suppdll.dll
2007-10-28 18:52 35,363 --a------ C:WINDOWSsystem32windrvNT.sys
2007-10-28 18:50 <DIR> d-------- C:Documents and SettingsAziWINDOWS
2007-10-28 17:48 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiLightScribe
2007-10-28 17:46 <DIR> d-------- C:program Filesilliminable
2007-10-28 17:46 <DIR> d-------- C:Documents and SettingsAziDane aplikacjiDroppix
2007-10-28 17:46 1,012,736 --a------ C:WINDOWSsystem32vorbis.dll
2007-10-28 17:46 12,800 --a------ C:WINDOWSsystem32ogg.dll
2007-10-28 17:45 <DIR> d-------- C:program FilesCommon FilesLightScribe
2007-10-28 17:45 <DIR> d-------- C:program FilesCommon FilesDroppix
2007-10-28 17:45 24,576 --a------ C:WINDOWSsystem32msxml3a.dll
2007-10-28 17:44 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiDroppix
2007-10-28 11:45 <DIR> d-------- C:Documents and SettingsAziDane aplikacjiAutodesk
2007-10-28 11:41 2,297,552 --a------ C:WINDOWSsystem32d3dx9_26.dll
2007-10-28 11:36 169 --a------ C:WINDOWS.dat
2007-10-28 11:25 <DIR> d-------- C:program FilesCommon FilesAutodesk Shared
2007-10-28 11:24 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiAutodesk
2007-10-18 19:42 <DIR> d-------- C:program FilesMKVTOAVI
2007-10-18 19:34 <DIR> d-------- C:Documents and SettingsAziDane aplikacjiApple Computer
2007-10-17 08:32 <DIR> d-------- C:program FilesChameleon Clock
2007-10-17 07:09 <DIR> d-------- C:Documents and SettingsAziDane aplikacjiWinamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 16:44 8,488,960 ----a-w C:WINDOWSsystem32dllcacheshell32.dll
2007-10-16 19:31 --------- d-----w C:Documents and SettingsAziDane aplikacjiThinstall
2007-10-16 19:24 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiAzureus
2007-10-16 19:23 --------- d-----w C:Documents and SettingsAziDane aplikacjiAzureus
2007-10-16 07:14 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiSpybot - Search & Destroy
2007-10-15 16:27 --------- d-----w C:program FilesWindows Media Connect 2
2007-10-14 19:19 685,816 ----a-w C:WINDOWSsystem32driverssptd.sys
2007-10-14 14:43 --------- d-----w C:program FilesHP
2007-10-08 20:22 --------- d-----w C:program FilesURUSoft
2007-10-08 19:07 2,321,408 ----a-w C:WINDOWSsystem32TUKernel.exe
2007-10-06 15:37 --------- d-----w C:Documents and SettingsAziDane aplikacjiMyPhoneExplorer
2007-10-06 15:36 --------- d-----w C:program FilesMyPhoneExplorer
2007-10-06 14:42 --------- d-----w C:program FilesFar
2007-09-30 16:59 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiApple Computer
2007-09-30 16:58 --------- d-----w C:program FilesApple Software Update
2007-09-30 16:58 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiApple
2007-09-29 21:48 --------- d-----w C:Documents and SettingsAziDane aplikacjiTuneUp Software
2007-09-29 21:47 --------- d-----w C:program FilesCommon FilesWise Installation Wizard
2007-09-29 21:47 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiTuneUp Software
2007-09-29 19:15 512,096 ----a-w C:WINDOWSsystem32driversamon.sys
2007-09-29 19:15 298,104 ----a-w C:WINDOWSsystem32imon.dll
2007-09-29 19:15 15,424 ----a-w C:WINDOWSsystem32driversnod32drv.sys
2007-09-29 12:00 --------- d-----w C:Documents and SettingsAziDane aplikacjiCorel
2007-09-29 11:55 --------- d-----w C:program FilesCommon FilesCorel
2007-09-29 11:12 --------- d-----w C:Documents and SettingsAziDane aplikacjiReallusion
2007-09-29 10:36 940 ---ha-w C:hpothb07.dat
2007-09-27 16:40 68,208 ----a-w C:WINDOWSsystem32driversps7agqwb.sys
2007-09-27 16:40 64,616 ----a-w C:WINDOWSsystem32driverspe3agqwb.sys
2007-09-27 15:28 --------- d-----w C:Documents and SettingsAziDane aplikacjiNero
2007-09-27 15:21 --------- d-----w C:program FilesNero
2007-09-27 15:21 --------- d-----w C:program FilesCommon FilesNero
2007-09-27 15:21 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiNero
2007-09-24 11:29 --------- d-----w C:program FilesEltima Software
2007-09-24 09:31 --------- d-----w C:program FilesRex-team
2007-09-23 22:08 --------- d-----w C:program FilesMacromedia
2007-09-23 22:08 --------- d-----w C:program FilesCommon FilesMacromedia
2007-08-21 07:18 683,520 ----a-w C:WINDOWSsystem32inetcomm.dll
2007-08-21 07:18 683,520 ----a-w C:WINDOWSsystem32dllcacheinetcomm.dll
2007-08-20 11:01 824,832 ----a-w C:WINDOWSsystem32dllcachewininet.dll
2007-08-20 11:01 671,232 ----a-w C:WINDOWSsystem32dllcachemstime.dll
2007-08-20 11:01 63,488 ------w C:WINDOWSsystem32dllcacheicardie.dll
2007-08-20 11:01 6,058,496 ------w C:WINDOWSsystem32dllcacheieframe.dll
2007-08-20 11:01 52,224 ------w C:WINDOWSsystem32dllcachemsfeedsbs.dll
2007-08-20 11:01 477,696 ----a-w C:WINDOWSsystem32dllcachemshtmled.dll
2007-08-20 11:01 459,264 ------w C:WINDOWSsystem32dllcachemsfeeds.dll
2007-08-20 11:01 44,544 ----a-w C:WINDOWSsystem32dllcacheiernonce.dll
2007-08-20 11:01 384,512 ----a-w C:WINDOWSsystem32dllcacheiedkcs32.dll
2007-08-20 11:01 383,488 ------w C:WINDOWSsystem32dllcacheieapfltr.dll
2007-08-20 11:01 3,584,512 ----a-w C:WINDOWSsystem32dllcachemshtml.dll
2007-08-20 11:01 27,648 ----a-w C:WINDOWSsystem32dllcachejsproxy.dll
2007-08-20 11:01 267,776 ------w C:WINDOWSsystem32dllcacheiertutil.dll
2007-08-20 11:01 232,960 ----a-w C:WINDOWSsystem32dllcachewebcheck.dll
2007-08-20 11:01 230,400 ----a-w C:WINDOWSsystem32dllcacheieaksie.dll
2007-08-20 11:01 214,528 ----a-w C:WINDOWSsystem32dllcachedxtrans.dll
2007-08-20 11:01 193,024 ----a-w C:WINDOWSsystem32dllcachemsrating.dll
2007-08-20 11:01 153,088 ----a-w C:WINDOWSsystem32dllcacheieakeng.dll
2007-08-20 11:01 132,608 ----a-w C:WINDOWSsystem32dllcacheextmgr.dll
2007-08-20 11:01 124,928 ----a-w C:WINDOWSsystem32dllcacheadvpack.dll
2007-08-20 11:01 105,984 ----a-w C:WINDOWSsystem32dllcacheurl.dll
2007-08-20 11:01 102,400 ----a-w C:WINDOWSsystem32dllcacheoccache.dll
2007-08-20 11:01 1,152,000 ----a-w C:WINDOWSsystem32dllcacheurlmon.dll
2007-08-17 11:24 63,488 ----a-w C:WINDOWSsystem32dllcacheie4uinit.exe
2007-08-17 11:24 625,152 ----a-w C:WINDOWSsystem32dllcacheiexplore.exe
2007-08-17 11:24 13,824 ------w C:WINDOWSsystem32dllcacheieudinit.exe
2007-08-17 08:34 161,792 ----a-w C:WINDOWSsystem32dllcacheieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sony Ericsson PC Suite"="C:program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 16:17]
"nod32kui"="C:program FilesEsetnod32kui.exe" [2007-09-29 20:15]
"QuickTime Task"="E:program FilesQuickTimeqttask.exe" [2007-06-29 05:24]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"TuneUp MemOptimizer"="E:program FilesTuneUp Utilities 2007MemOptimizer.exe" [2007-04-26 20:50]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 12:00]

C:Documents and SettingsAziMenu StartProgramyAutostart
Adobe Gamma.lnk - C:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"UIHost"="C:WINDOWSsystem32logonui.exe"

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"CTFMON.EXE"=C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"SunJavaUpdateSched"="C:program FilesJavajre1.6.0_02binjusched.exe"

R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:WINDOWSsystem32driverspe3agqwb.sys
R0 pe3agqwc;Loki Environment Driver (pe3agqwc);C:WINDOWSsystem32driverspe3agqwc.sys
R0 ps6agqwc;Loki Synchronization Driver (ps6agqwc);C:WINDOWSsystem32driversps6agqwc.sys
R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);C:WINDOWSsystem32driversps7agqwb.sys
R1 fwdrv;Firewall Driver;C:WINDOWSsystem32driversfwdrv.sys
R1 khips;Kerio HIPS Driver;C:WINDOWSsystem32driverskhips.sys
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;e:program FilesAshampooAshampoo AntiSpyWare 2AntiSpyWareService.exe
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"D:program FilesAutodesk3ds Max 2008mentalraysatelliteraysat_3dsMax2008_32server.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:WINDOWSSystem32svchost.exe -k netsvcs
R2 windrvNT;windrvNT;??C:WINDOWSsystem32windrvNT.sys
S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:WINDOWSsystem32pr2agqwb.exe svc
S2 pr2agqwc;Loki Drivers Auto Removal (pr2agqwc);C:WINDOWSsystem32pr2agqwc.exe svc
S3 musbehco;musbehco;??C:DOCUME~1AziUSTAWI~1Tempmusbehco.sys
S4 Droppix Service;Droppix Service;"C:program FilesCommon FilesDroppixDxService.exe"
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:program FilesNeroNero8Nero BackItUpNBService.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:program FilesCommon FilesLightScribeLSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 19:17:14 C:WINDOWSTasks1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 13:16:03
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 13:18:01
.
--- E O F ---



And HJ:


Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesTGTSoftStyleXPStyleXPService.exe
D:program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesEsetnod32kui.exe
E:program FilesTuneUp Utilities 2007MemOptimizer.exe
C:WINDOWSsystem32devldr32.exe
e:program FilesAshampooAshampoo AntiSpyWare 2AntiSpyWareService.exe
C:program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
C:program FilesBonjourmDNSResponder.exe
C:program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
C:program FilesCommon FilesLightScribeLSSrvc.exe
D:program FilesAutodesk3ds Max 2008mentalraysatelliteraysat_3dsMax2008_32server.exe
C:program FilesEsetnod32krn.exe
C:WINDOWSsystem32oodag.exe
C:WINDOWSsystem32svchost.exe
C:program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe
C:program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe
C:program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsAziPulpitIkonkihijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_02binssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:program FilesTGTSoftStyleXPTGT_BHO.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:pROGRA~1STARDO~1SDIEInt.dll
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [nod32kui] "C:program FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [QuickTime Task] "E:program FilesQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [TuneUp MemOptimizer] "E:program FilesTuneUp Utilities 2007MemOptimizer.exe" autostart
O4 - HKCU..Run: [STYLEXP] C:program FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 - Extra context menu item: Download with Star Downloader - C:program FilesStar Downloadersdie.htm
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - e:program FilesAshampooAshampoo AntiSpyWare 2AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - D:program FilesAutodesk3ds Max 2008mentalraysatelliteraysat_3dsMax2008_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:program FilesEsetnod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:WINDOWSsystem32oodag.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Unknown owner - C:WINDOWSsystem32pr2agqwb.exe (file missing)
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Unknown owner - C:WINDOWSsystem32pr2agqwc.exe (file missing)

O23 - Service: StyleXPService - Unknown owner - C:program FilesTGTSoftStyleXPStyleXPService.exe


I can't remove what's there, so I deleted the files ...
 

kiw kiw bomba

User
Joined
June 19, 2007
Posts
50
Is there anything here:

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:23:50, on 2007-12-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32spoolsv.exe

c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe

C:WINDOWSMixer.exe

C:Program FilesScanSoftOmniPageSE4.0OpwareSE4.exe

C:WINDOWSsystem32LVCOMSX.EXE

C:Program FilesLogitechVideoCameraAssistant.exe

C:WINDOWSsystem32ElkCtrl.exe

C:Program FilesWinampwinampa.exe

C:Program FilesJavajre1.5.0_03binjusched.exe

C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe

C:Program FilesEsetnod32kui.exe

C:Program FilesCyberLinkPCM4EverioEverioService.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesAdVantageAdVantage.exe

C:Program FilesBitTorrent_DNAdna.exe

C:WINDOWSsystem32RaConfig.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesEsetnod32krn.exe

C:Program FilesCyberLinkShared FilesRichVideo.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32wscntfy.exe

C:WINDOWSsystem32wuauclt.exe

C:Program FilesWinampwinamp.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:WINDOWSsystem32msiexec.exe

C:WINDOWSsystem32rserver30RServer3.exe

C:WINDOWSsystem32rserver30FamItrfc.Exe

C:Program FilesHijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:Program FilesCanonEasy-WebPrintEWPBrowseLoader.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll

O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot

O4 - HKLM..Run: [OpwareSE4] "C:Program FilesScanSoftOmniPageSE4.0OpwareSE4.exe"

O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE

O4 - HKLM..Run: [LogitechCameraAssistant] C:Program FilesLogitechVideoCameraAssistant.exe

O4 - HKLM..Run: [LogitechVideo[inspector]] C:Program FilesLogitechVideoInstallHelper.exe /inspect

O4 - HKLM..Run: [LogitechCameraService(E)] C:WINDOWSsystem32ElkCtrl.exe /automation

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_03binjusched.exe

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [EverioService] "C:Program FilesCyberLinkPCM4EverioEverioService.exe"

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [AdVantage] "C:Program FilesAdVantageAdVantage.exe"

O4 - HKCU..Run: [BitTorrent DNA] "C:Program FilesBitTorrent_DNAdna.exe"

O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O4 - Global Startup: RaConfig.lnk = C:WINDOWSsystem32RaConfig.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:Program FilesCanonEasy-WebPrintToolband.dll/RC_Preview.html

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:WINDOWSsystem32rserver30RServer3.exe



--

End of file - 6687 bytes
 

Alliata

User
Joined
November 3, 2007
Posts
378
Re.

To my eye, ComboFix is finding some stinking shit.
Code:
C:WINDOWSsvhosted.exe
from the svhost name alone you can tell it's a virus.
Code:
C:WINDOWSsystem32TUKernel.exe  This is a worm

C:WINDOWSsystem32pr2agqwb.exe svc

C:WINDOWSsystem32pr2agqwc.exe svc

This is Szalony Kojot's log.
 

0wn3r

Former Moderator
Joined
March 10, 2007
Posts
1330
As for svhosted.exe, I didn't notice it.

And TUKernel.exe is a worm.
 

tobiason123

User
Joined
November 24, 2007
Posts
1
Can you check?

Can you check mine too?

Code:
Logfile of HijackThis v1.99.1

Scan saved at 23:55:12, on 2007-11-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)



Running processes:

J:WINDOWSSystem32smss.exe

J:WINDOWSsystem32winlogon.exe

J:WINDOWSsystem32services.exe

J:WINDOWSsystem32lsass.exe

J:WINDOWSsystem32svchost.exe

J:WINDOWSSystem32svchost.exe

J:Program FilesLavasoftAd-Aware 2007aawservice.exe

J:WINDOWSExplorer.EXE

J:WINDOWSsystem32spoolsv.exe

J:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe

J:WINDOWShtpatch.exe

J:Program FilesCommon FilesRealUpdate_OBrealsched.exe

J:WINDOWSsystem32RUNDLL32.EXE

J:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe

J:WINDOWSsystem32ctfmon.exe

J:Program FilesPLANETCommonRaUI.exe

J:Program FilesAviraAntiVir PersonalEdition Classicsched.exe

J:WINDOWSsystem32nvsvc32.exe

K:Programy XPAlcohol 120Alcohol 120StarWindStarWindService.exe

J:WINDOWSsystem32wscntfy.exe

J:WINDOWSsystem32svchost.exe

J:Documents and SettingsKamilPulpitfffotkktttFotkaManager.exe

J:Documents and SettingsKamilPulpitfffotkktttFotkaManager.exe

J:Documents and SettingsKamilPulpitfffotkktttFotkaManager.exe

J:PROGRA~1MOZILL~1FIREFOX.EXE

J:Documents and SettingsKamilPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = 

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - K:Programy XPMidpXJadInvokerMidpInvoker.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM..Run: [HTpatch] J:WINDOWShtpatch.exe

O4 - HKLM..Run: [SiSUSBRG] J:WINDOWSSiSUSBrg.exe

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE J:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE J:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [avgnt] "J:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min

O4 - HKCU..Run: [ctfmon.exe] J:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: PLANET WL-8315 Utility.lnk = J:Program FilesPLANETCommonRaUI.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://K:Programy XPBitCometBitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://K:Programy XPBitCometBitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://K:Programy XPBitCometBitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://J:PROGRA~1MICROS~2Office12EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - K:Programy XPMidpXJadInvokerExtentjad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - K:Programy XPBitComettoolsBitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:PROGRA~1MICROS~2Office12REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:Program FilesMessengermsmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLMSystemCCSServicesTcpip..{54A78134-0E94-4141-B59B-A26338127C2B}: NameServer = 194.204.159.1 194.204.152.34

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:PROGRA~1MICROS~2Office12GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - J:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - J:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - J:Program FilesAviraAntiVir PersonalEdition Classicsched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - J:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - K:Programy XPAreschatServer.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:WINDOWSsystem32nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - J:Program FilesPC Connectivity SolutionServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - K:Programy XPAlcohol 120Alcohol 120StarWindStarWindService.exe
 

Alliata

User
Joined
November 3, 2007
Posts
378
Clean

Clean. The only thing that might be something is this:
Code:
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

but it's not a virus. It's adware that launches ads for you on web pages. It's not dangerous at all.
Switch from IE to Firefox or Opera.
 

raziel1669

User
Joined
November 3, 2007
Posts
13
Could you check my log? I suspect a trojan or keylogger on my computer.

Code:
Logfile of HijackThis v1.99.1

Scan saved at 22:50:56, on 2007-11-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program FilesEsetnod32kui.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesuTorrentutorrent.exe

C:Program FilesRALINKCommonRaUI.exe

C:Program FilesEsetnod32krn.exe

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesAgnitumOutpost Firewalloutpost.exe

C:Program FilesWinampwinamp.exe

C:Program FilesNeroNero Corenero.exe

C:Program FilesHijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.plemiona.pl/

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://linktarget.ashampoo.com/linktarget/?product=1606&version=4.41&edition=eid=2269&syslang=pl-pl&lang=pl-pl&target=trial

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [Outpost Firewall] C:Program FilesAgnitumOutpost Firewalloutpost.exe /waitservice

O4 - HKLM..Run: [OutpostFeedBack] C:Program FilesAgnitumOutpost Firewallfeedback.exe /dump:os_startup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentutorrent.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:Program FilesRALINKCommonRaUI.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll (file missing)

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:Program FilesAgnitumOutpost FirewallPluginsBrowserBarie_bar.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O17 - HKLMSystemCCSServicesTcpip..{116E8779-B4C0-4308-B85B-64B302046FE7}: NameServer = 194.204.152.34,194.204.159.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs: C:PROGRA~1AgnitumOUTPOS~1wl_hook.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:Program FilesAgnitumOutpost Firewalloutpost.exe
 

Alliata

User
Joined
November 3, 2007
Posts
378
Hijack

Remove this with Hijack:
Code:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll (file missing)



     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll (file missing)



O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file

But Hijack is not very thorough. Download ComboFix and post the log, and also one from SmitfraudFix.
If nothing turns up, it means the registry and leftover junk are to blame.
Here is some good reading for you.
 

raziel1669

User
Joined
November 3, 2007
Posts
13
ComboFix log

Code:
ComboFix 07-11-19.3 - M 2007-11-25 23:51:05.1 - FAT32x86

Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.32 [GMT 1:00]

Running from: D:downloadComboFix.exe

 * Created a new restore point

.



(((((((((((((((((((((((((   Files Created from 2007-10-25 to 2007-11-25  )))))))))))))))))))))))))))))))

.



2007-11-24 18:29    <DIR>    d--------    C:Documents and SettingsMDane aplikacjiAhead

2007-11-21 20:57    <DIR>    d--hs----    C:FOUND.004

2007-11-21 10:46    <DIR>    d--------    C:Program FilesTibiaTek Bot DevTeam

2007-11-20 21:17    182,032    --a------    C:WINDOWSsystem32dxtmsft3.dll

2007-11-20 21:17    140,800    --a------    C:WINDOWSsystem32tm20dec.ax

2007-11-20 21:17    63,488    --a------    C:WINDOWSsystem32unam4ie.exe

2007-11-20 21:17    38,160    --a------    C:WINDOWSsystem32LMRTREND.dll

2007-11-20 21:16    <DIR>    d--------    C:Program FilesReflex

2007-11-20 21:16    <DIR>    d--------    C:Program FilesCommon FilesYDP

2007-11-20 21:16    10,240    --a------    C:WINDOWSsystem32vidx16.dll

2007-11-20 21:15    <DIR>    d--------    C:Documents and SettingsMWINDOWS

2007-11-20 21:15    306,688    --a------    C:WINDOWSIsUninst.exe

2007-11-20 21:14    327,168    --a------    C:WINDOWSIsUn0415.exe

2007-11-20 19:34    <DIR>    d--------    C:Program FilesTibiaBot NG

2007-11-20 18:13    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiTEMP

2007-11-19 21:17    <DIR>    d--------    C:Program FilesRestorator Edycja Specjalna

2007-11-18 14:01    <DIR>    d--------    C:Program FilesKolekcja Klasyki

2007-11-17 10:47    <DIR>    d--------    C:Program FilesNAPI-PROJEKT

2007-11-16 23:18    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiYahoo!

2007-11-16 23:01    <DIR>    d--------    C:Program FilesYahoo!

2007-11-16 15:20    <DIR>    d--------    C:Documents and SettingsMDane aplikacjiTibia

2007-11-16 15:19    <DIR>    d--------    C:Program FilesTibia

2007-11-15 22:52    <DIR>    d--------    C:Program FilesOpera

2007-11-15 22:34    <DIR>    d--hs----    C:FOUND.003

2007-11-14 17:24    <DIR>    d--------    C:Program FilesMarBit

2007-11-13 22:24    57,344    --a------    C:WINDOWSsystem32vbame.dll

2007-11-13 22:21    <DIR>    d--------    C:Program FilesMobile Phone Manager

2007-11-11 22:29    <DIR>    d--hs----    C:FOUND.002

2007-11-11 13:19    380,928    --a------    C:WINDOWSsystem32driversrt61.sys

2007-11-11 13:19    21,275    --a------    C:WINDOWSsystem32driversAegisP.sys

2007-11-11 13:19    8,192    --a------    C:WINDOWSsystem32driversRT2661.bin

2007-11-11 13:19    8,192    --a------    C:WINDOWSsystem32driversRT2561s.bin

2007-11-11 13:19    8,192    --a------    C:WINDOWSsystem32driversRT2561.bin

2007-11-10 22:45    <DIR>    d--------    C:Program FilesCommon FilesAdobe

2007-11-10 22:40    <DIR>    d--hs----    C:FOUND.001

2007-11-10 22:15    249,856    ---------    C:WINDOWSSetup1.exe

2007-11-10 22:15    73,216    --a------    C:WINDOWSST6UNST.EXE

2007-11-10 18:09    32    -ra------    C:Documents and SettingsAll Usershash.dat

2007-11-10 14:13    <DIR>    d--------    C:Documents and SettingsMDane aplikacjiACD Systems

2007-11-10 14:10    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiSpybot - Search & Destroy

2007-11-10 12:56    <DIR>    d--------    C:WINDOWSSun

2007-11-10 12:55    69,632    --a------    C:WINDOWSsystem32javacpl.cpl

2007-11-10 12:54    5,387    --a------    C:WINDOWSsystem32jupdate-1.6.0_03-b05.log

2007-11-10 12:51    <DIR>    d--------    C:Program FilesJava

2007-11-10 12:48    <DIR>    d--------    C:Program FilesCommon FilesJava

2007-11-09 16:33    <DIR>    d--------    C:Program FilesCommon FilesSkype

2007-11-09 16:33    <DIR>    d--------    C:Documents and SettingsMDane aplikacjiSkype

2007-11-09 16:32    <DIR>    d--------    C:Program FilesSkype

2007-11-09 16:32    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiSkype

2007-11-07 11:50    483,328    --a------    C:WINDOWSsystem32actskn45.ocx

2007-11-07 11:49    <DIR>    d--------    C:Program FilesBearShare Applications

2007-11-07 09:17    <DIR>    d--------    C:Program FilesValve

2007-11-06 21:47    <DIR>    d--------    C:Documents and SettingsMDane aplikacjiMedia Player Classic

2007-11-06 20:28    <DIR>    d--------    C:WINDOWSnview

2007-11-06 20:28    176,128    --a------    C:WINDOWSsystem32nvudisp.exe

2007-11-06 20:28    14,435    --a------    C:WINDOWSsystem32nvdisp.nvu

2007-11-06 20:27    <DIR>    d--------    C:NVIDIA

2007-11-06 20:24    <DIR>    d--h-----    C:WINDOWSsystem32GroupPolicy

2007-11-06 19:44    1,416    --a------    C:WINDOWSmozver.dat

2007-11-06 19:38    129,784    ---------    C:WINDOWSsystem32pxafs.dll

2007-11-06 19:38    43,528    ---------    C:WINDOWSsystem32driversPxHelp20.sys

2007-11-06 19:38    9,464    ---------    C:WINDOWSsystem32driverscdralw2k.sys

2007-11-06 19:38    9,336    ---------    C:WINDOWSsystem32driverscdr4_xp.sys

2007-11-06 19:34    <DIR>    d--hs----    C:Recycled

2007-11-06 19:33    <DIR>    d--------    C:Program FilesWinamp

2007-11-06 19:33    <DIR>    d--------    C:Program FilesCommon FilesAgnitum Shared

2007-11-06 19:33    <DIR>    d--------    C:Program FilesAgnitum

2007-11-06 19:25    <DIR>    d--------    C:Program FilesuTorrent

2007-11-06 19:25    <DIR>    d--------    C:Documents and SettingsMDane aplikacjiuTorrent

2007-11-06 19:12    <DIR>    d--------    C:Program FilesReal Alternative

2007-11-06 19:12    <DIR>    d--------    C:Program FilesMedia Player Classic

2007-11-06 19:12    <DIR>    d--------    C:Program FilesK-Lite Codec Pack

2007-11-06 19:12    3,596,288    --a------    C:WINDOWSsystem32qt-dx331.dll

2007-11-06 19:12    1,044,480    --a------    C:WINDOWSsystem32libdivx.dll

2007-11-06 19:12    639,066    --a------    C:WINDOWSsystem32divx.dll

2007-11-06 19:12    200,704    --a------    C:WINDOWSsystem32ssldivx.dll

2007-11-06 19:12    196,608    --a------    C:WINDOWSsystem32dtu100.dll

2007-11-06 19:12    180,224    --a------    C:WINDOWSsystem32xvidvfw.dll

2007-11-06 19:12    73,728    --a------    C:WINDOWSsystem32dpl100.dll

2007-11-06 19:12    10,752    --a------    C:WINDOWSsystem32ff_vfw.dll

2007-11-06 19:11    135,168    --a------    C:WINDOWSsystem32nvrsit.dll

2007-11-06 19:10    <DIR>    d--------    C:WINDOWSsystem32DRVSTORE

2007-11-06 19:10    <DIR>    d--------    C:Program FilesRALINK

2007-11-06 19:10    <DIR>    d--h-----    C:Program FilesInstallShield Installation Information

2007-11-06 19:10    <DIR>    d--------    C:Program FilesCommon FilesInstallShield

2007-11-06 19:08    <DIR>    d--------    C:WINDOWSDownloaded Installations

2007-11-06 19:08    <DIR>    d--------    C:Program FilesCommon FilesACD Systems

2007-11-06 19:08    <DIR>    d--------    C:Program FilesACD Systems

2007-11-06 19:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiACD Systems

2007-11-06 19:07    <DIR>    d--------    C:Program FilesGadu-Gadu

2007-11-06 19:07    <DIR>    d--------    C:Documents and SettingsMGadu-Gadu

2007-11-06 19:05    0    --a------    C:WINDOWSnsreg.dat

2007-11-06 19:04    <DIR>    d--------    C:Program FilesNero

2007-11-06 19:04    <DIR>    d--------    C:Program FilesCommon FilesAhead

2007-11-06 19:04    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiNero

2007-11-06 19:04    1,060,864    --a------    C:WINDOWSsystem32mfc71.dll

2007-11-06 19:04    1,047,552    --a------    C:WINDOWSsystem32mfc71u.dll

2007-11-06 19:04    499,712    --a------    C:WINDOWSsystem32msvcp71.dll

2007-11-06 19:04    348,160    --a------    C:WINDOWSsystem32msvcr71.dll

2007-11-06 19:03    502,368    --a------    C:WINDOWSsystem32driversamon.sys



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-20 20:16    4,608    ----a-w    C:WINDOWSsystem32w95inf32.dll

2007-11-06 17:55    ---------    d-----w    C:Program FilesUsługi online

.



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 



[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44]

"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-01-30 15:58]

"uTorrent"="C:Program FilesuTorrentutorrent.exe" [2007-11-06 19:26]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"nod32kui"="C:Program FilesEsetnod32kui.exe" [2005-11-15 11:48]

"Outpost Firewall"="C:Program FilesAgnitumOutpost Firewalloutpost.exe" [2006-02-13 12:00]

"OutpostFeedBack"="C:Program FilesAgnitumOutpost Firewallfeedback.exe" [2006-02-14 16:51]

"nwiz"="nwiz.exe" [2002-07-16 12:16 C:WINDOWSsystem32nwiz.exe]



[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 00:44]



C:Documents and SettingsAll UsersMenu StartProgramyAutostart

Adobe Reader Speed Launch.lnk - C:Program FilesAdobeReader 8.0Readerreader_sl.exe [2006-10-23 01:48:20]

Adobe Reader Synchronizer.lnk - C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe [2006-10-23 00:01:50]

Ralink Wireless Utility.lnk - C:Program FilesRALINKCommonRaUI.exe [2007-11-11 13:20:23]



[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"AppInit_DLLs"=C:PROGRA~1AgnitumOUTPOS~1wl_hook.dll



R1 VFILT;Outpost Firewall Kernel Driver;??C:Program FilesAgnitumOutpost FirewallkernelFILTNT.SYS

R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??C:Program FilesAgnitumOutpost FirewallkernelADBLOCK.DLL

R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??C:Program FilesAgnitumOutpost FirewallkernelARP.DLL

R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelCONTENT.DLL

R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??C:Program FilesAgnitumOutpost FirewallkernelDNSCACHE.DLL

R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelFTPFILT.DLL

R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelHTMLFILT.DLL

R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelHTTPFILT.DLL

R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelIMAPFILT.DLL

R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelMAILFILT.DLL

R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelNNTPFILT.DLL

R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelPOP3FILT.DLL

R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??C:Program FilesAgnitumOutpost FirewallkernelPROTECT.DLL

R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??C:Program FilesAgnitumOutpost FirewallkernelSECRET.DLL

S3 siusbmod;siusbmod;C:WINDOWSsystem32DRIVERSsiusbmod.sys



*Newly Created Service* - CATCHME

.

**************************************************************************



catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-25 23:53:46

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI



scanning hidden processes ... 



scanning hidden autostart entries ...



scanning hidden files ... 



scan completed successfully 

hidden files: 0 



**************************************************************************

.

Completion time: 2007-11-25 23:54:37

.

    --- E O F ---
 

krzychu1991s

User
Joined
November 11, 2007
Posts
26
Hello, and how does mine look? It seems suspicious.

Code:
Logfile of HijackThis v1.99.1

Scan saved at 15:23:53, on 2007-11-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSExplorer.EXE

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSsystem32spoolsv.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSSOUNDMAN.EXE

C:Program FilesJavajre1.6.0_02binjusched.exe

C:Program FilesDAEMON Toolsdaemon.exe

C:Program FilesATI TechnologiesATI.ACECLI.EXE

C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe

C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe

C:Program FilesHPhpcoretechhpcmpmgr.exe

C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe

C:WINDOWSsystem32ctfmon.exe

C:PROGRA~1CheckP3checkp3.exe

C:Program FilesCommon FilesAheadlibNMBgMonitor.exe

C:WINDOWSExplorer.EXE

C:PROGRA~1CACHEM~1CachemanXP.exe

C:WINDOWSsystem32PnkBstrA.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesATI TechnologiesATI.ACEcli.exe

C:Program FilesATI TechnologiesATI.ACEcli.exe

C:WINDOWSsystem32wuauclt.exe

C:PROGRA~1Mozilla Firefoxfirefox.exe

C:Program FilesHijackThisHijackThis.exe



R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.bearshare.com/pl/

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_02binjusched.exe"

O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe

O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe"

O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [CheckP3] C:PROGRA~1CheckP3checkp3.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLMSystemCCSServicesTcpip..{D8EA8847-EB41-402D-8696-44C178391E60}: NameServer = 192.168.1.1

O20 - Winlogon Notify: WgaLogon - C:WINDOWS

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:PROGRA~1CACHEM~1CachemanXP.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
 

dorianmas

User
Joined
July 13, 2007
Posts
194
Remove

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.bearshare.com/pl/

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
 

kamalo

User
Joined
November 30, 2007
Posts
1
Could you take a look at mine too? I just can't remove the viruses; they keep coming back somewhere in system32, temp and Documents and Settings.

Code:
Logfile of HijackThis v1.99.1

Scan saved at 19:29:26, on 2007-11-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)



Running processes:

J:WINDOWSSystem32smss.exe

J:WINDOWSsystem32winlogon.exe

J:WINDOWSsystem32services.exe

J:WINDOWSsystem32lsass.exe

J:WINDOWSsystem32svchost.exe

J:WINDOWSSystem32svchost.exe

J:Program FilesLavasoftAd-Aware 2007aawservice.exe

J:WINDOWSExplorer.EXE

J:WINDOWSsystem32spoolsv.exe

J:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe

J:WINDOWShtpatch.exe

J:WINDOWSsystem32RUNDLL32.EXE

J:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe

J:WINDOWSsystem32ctfmon.exe

J:Program FilesPLANETCommonRaUI.exe

J:Program FilesAviraAntiVir PersonalEdition Classicsched.exe

J:WINDOWSsystem32nvsvc32.exe

K:Programy XPAlcohol 120Alcohol 120StarWindStarWindService.exe

J:WINDOWSsystem32wscntfy.exe

J:PROGRA~1Mozilla Firefoxfirefox.exe

J:Program FilesInternet Exploreriexplore.exe

J:Documents and SettingsKamilPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = 

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - K:Programy XPMidpXJadInvokerMidpInvoker.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM..Run: [HTpatch] J:WINDOWShtpatch.exe

O4 - HKLM..Run: [SiSUSBRG] J:WINDOWSSiSUSBrg.exe

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE J:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE J:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [avgnt] "J:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKCU..Run: [ctfmon.exe] J:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: PLANET WL-8315 Utility.lnk = J:Program FilesPLANETCommonRaUI.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://K:Programy XPBitCometBitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://K:Programy XPBitCometBitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://K:Programy XPBitCometBitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://J:PROGRA~1MICROS~2Office12EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - K:Programy XPMidpXJadInvokerExtentjad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - K:Programy XPBitComettoolsBitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:PROGRA~1MICROS~2Office12REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:Program FilesMessengermsmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLMSystemCCSServicesTcpip..{54A78134-0E94-4141-B59B-A26338127C2B}: NameServer = 194.204.159.1 194.204.152.34

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:PROGRA~1MICROS~2Office12GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - J:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - J:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - J:Program FilesAviraAntiVir PersonalEdition Classicsched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - J:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - K:Programy XPAreschatServer.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:WINDOWSsystem32nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - J:Program FilesPC Connectivity SolutionServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - K:Programy XPAlcohol 120Alcohol 120StarWindStarWindService.exe
 

0wn3r

Former Moderator
Joined
March 10, 2007
Posts
1330
Remove this:

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

Otherwise your log is clean. If you have any problems with the computer, just scan it with a good antivirus.
 

dare_devil

User
Joined
September 9, 2007
Posts
32
Can someone check my logs?????

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:30:58, on 2007-12-01

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

C:Program FilesPalickSoftHDD TemperatureHDDTSvc.exe

C:Program FilesBorlandInterBasebinibguard.exe

C:Program FilesEsetnod32krn.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe

C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe

C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32WgaTray.exe

C:WINDOWSSystem32igfxpers.exe

C:WINDOWSCameraFixer.exe

C:Program FilesSoftwinBitDefender9bdnagent.exe

C:Program FilesEsetnod32kui.exe

C:WINDOWSSystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesggGadu-Gadugg.exe

C:Program FilesBorlandInterBasebinibserver.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesHakerzyNET AntiVirusHakerzyNET_MAV.exe

C:Program FilesPalickSoftHDD TemperatureHDDTemperature.exe

C:WINDOWSBricoPacksVista Inspirat 2RocketDockRocketDock.exe

c:Program FilesHPDigital Imagingbinhpqgalry.exe

C:Program FilesHPDigital ImagingbinhpqSTE08.exe

C:WINDOWSSystem32wuauclt.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program Filesfoobar2000foobar2000.exe

C:Program FileseMuleemule.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = 

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe

O4 - HKLM..Run: [Persistence] C:WINDOWSSystem32igfxpers.exe

O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe

O4 - HKLM..Run: [CameraFixer] C:WINDOWSCameraFixer.exe

O4 - HKLM..Run: [BDNewsAgent] "C:Program FilesSoftwinBitDefender9bdnagent.exe"

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [HakerzyNET MAV] C:Program FilesHakerzyNET AntiVirusHakerzyNET_MAV.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesggGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O4 - Startup: HDD temperature.lnk = C:Program FilesPalickSoftHDD TemperatureHDDTemperature.exe

O4 - Startup: RocketDock.lnk = C:WINDOWSBricoPacksVista Inspirat 2RocketDockRocketDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:Program FilesPalickSoftHDD TemperatureHDDTSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:Program FilesBorlandInterBasebinibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:Program FilesBorlandInterBasebinibserver.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe

O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe

O23 - Service: ND TELNET Server (NDTelnet) - Unknown owner - C:WindowsUpdateNotepadNDTelnet.exe

O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:Program FilesSoftwinBitDefender9vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe
 