Want your HijackThis log checked? Paste it here...

Status
Closed.

aFQ

User
Joined
January 23, 2008
Posts
3
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32taskswitch.exe
C:WINDOWSsystem32wscntfy.exe
C:program FilesWapSterAQQAQQ.exe
C:program FilesOperaOpera.exe
C:program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.aib.ie/internetbanking
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = :
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_03binssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [CoolSwitch] C:WINDOWSsystem32taskswitch.exe
O4 - HKLM..Run: [QuickTime Task] "C:program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [AVP] "C:program FilesKaspersky LabKaspersky Internet Security 8.0avp.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [MyKeys] "C:program FilesmfkMFK.EXE" /M
O4 - HKCU..Run: [Steam] "e:progra~1steamsteam.exe" -silent
O4 - HKCU..Run: [AQQ] C:pROGRA~1WapSterAQQAQQ.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~4OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:program FilesKaspersky LabKaspersky Internet Security 8.0SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:pROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{A3D997C2-43F1-4037-BF8A-44E30A639389}: NameServer = 212.85.112.32,193.110.121.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs: C:pROGRA~1KASPER~1KASPER~2.0adialhk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:program FilesKaspersky LabKaspersky Internet Security 8.0avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

--
End of file - 4978 bytes
 

eib1

User
Joined
January 22, 2008
Posts
2
Help - I have a problem, and a fairly serious one.
I installed some nasty thing that sends emails to thousands of people.
The sniffer is going crazy, and the side effect visible on screen is over 100 prompts from Norton about scanning mail. And of course, on top of that, about 100 notices that mail to a given address cannot be delivered.
HijackThis doesn't see anything strange, and neither does CounterSpy 2 - it removes trojans, but they reappear after the mails have been sent out.
And importantly, the whole process starts once the network cable is plugged in.
Maybe someone can help, because I don't fancy installing Windows all over again.
Logfile of HijackThis v1.99.1
Scan saved at 16:23:08, on 2008-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:program FilesCommon FilesSymantec SharedccSetMgr.exe
C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesNorton AntiVirusnavapsvc.exe
C:program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:program FilesSunbelt SoftwareCounterSpySBCSSvc.exe
C:WINDOWSsystem32svchost.exe
C:program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:program FilesNorton AntiVirusSAVScan.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32rundll32.exe
C:program FilesLaunch ManagerLaunchAp.exe
C:program FilesLaunch ManagerHotkeyApp.exe
C:program FilesLaunch ManagerWbutton.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsm56hlpr.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:program FilesSynapticsSynTPSynTPEnh.exe
C:program FilesSteganos Safe 2007SteganosHotKeyService.exe
C:program FilesSteganos Safe 2007SteganosAgent.exe
C:program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:program FilesJavajre1.6.0_03binjusched.exe
C:program FilesSunbelt SoftwareCounterSpySBCSTray.exe
C:program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesMessengermsmsgs.exe
C:program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:program FilesSunbelt SoftwareCounterSpyCounterspy.exe
C:Documents and SettingsArturPulpitHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,C:WINDOWSsystem32ntos.exe,
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [LaunchAp] "C:program FilesLaunch ManagerLaunchAp.exe"
O4 - HKLM..Run: [HotkeyApp] "C:program FilesLaunch ManagerHotkeyApp.exe"
O4 - HKLM..Run: [LMgrVolOSD] "C:program FilesLaunch ManagerOSD.exe"
O4 - HKLM..Run: [LMgrOSD] "C:program FilesLaunch ManagerOSDCtrl.exe"
O4 - HKLM..Run: [Wbutton] "C:program FilesLaunch ManagerWbutton.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [SynTPEnh] C:program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [CtrlVol] C:program FilesLaunch ManagerCtrlVol.exe
O4 - HKLM..Run: [SAFE2007 HotKeys] C:program FilesSteganos Safe 2007SteganosHotKeyService.exe
O4 - HKLM..Run: [SAFE2007 Agent] C:program FilesSteganos Safe 2007SteganosAgent.exe
O4 - HKLM..Run: [PCSuiteTrayApplication] C:program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [SBCSTray] C:program FilesSunbelt SoftwareCounterSpySBCSTray.exe
O4 - HKLM..Run: [ccApp] "C:program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Advanced Tools Check] C:pROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:pROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [2408211f] rundll32.exe "C:WINDOWSsystem32exmktjlo.dll",b
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:program FilesCommon FilesAutodesk Sharedacstart16.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:windowssystem32mssrv32.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:program FilesNorton AntiVirusSAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:program FilesSunbelt SoftwareCounterSpySBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:pROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: EIBA iETS Telegram Recorder Server (TelegramRecorderService) - EIBA s.c. - C:program FilesiETSTelegramRecorderRemoteLoggingService.exe
 

0wn3r

Former Moderator
Joined
March 10, 2007
Posts
1330
O4 - HKLM..Run: [2408211f] rundll32.exe "C:WINDOWSsystem32exmktjlo.dll",b

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:windowssystem32mssrv32.exe

I'm not sure about these items. The rest of the log is clean.
 

JakubT84

User
Joined
January 28, 2008
Posts
2
Logfile of HijackThis v1.99.1
Scan saved at 21:19:06, on 2008-01-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesIntelWirelessBinEvtEng.exe
C:program FilesIntelWirelessBinS24EvMon.exe
C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
c:program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:WINDOWSExplorer.EXE
C:program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSsystem32UMonit.exe
C:program FilesASUSPowerForPhonePowerForPhone.exe
C:program FilesASUSSplendidACMON.exe
C:program FilesIntelWirelessbinZCfgSvc.exe
C:program FilesIntelWirelessBinifrmewrk.exe
C:program FilesIntelWirelessBinEOUWiz.exe
C:pROGRA~1ALWILS~1Avast4ashDisp.exe
C:program FilesWireless Console 2wcourier.exe
C:WINDOWSsystem32ACEngSvr.exe
C:WINDOWSsystem32ctfmon.exe
D:Last.fmLastFMHelper.exe
C:WINDOWSsystem32acovcnt.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSATK0100ATKOSD.exe
C:program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
C:program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:program FilesAlwil SoftwareAvast4ashWebSv.exe
C:pROGRA~1IntelWirelessBinDot1XCfg.exe
C:program FilesWinampwinamp.exe
D:Last.fmLastFM.exe
C:program FilesMozilla Firefoxfirefox.exe
C:program FilesGadu-Gadugg.exe
C:program FilesSpybot - Search & DestroySpybotSD.exe
D:HijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = ftp=proxy.net.pulawy.pl:3128;http=proxy.net.pulawy.pl:3128;https=proxy.net.pulawy.pl:3128
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:pROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O4 - HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [SynTPEnh] C:program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [ABLKSR] C:WINDOWSABLKSRABLKSR.exe
O4 - HKLM..Run: [UMonit] C:WINDOWSsystem32UMonit.exe
O4 - HKLM..Run: [Power_Gear] C:program FilesASUSPower4 GearBatteryLife.exe 1
O4 - HKLM..Run: [PowerForPhone] C:program FilesASUSPowerForPhonePowerForPhone.exe
O4 - HKLM..Run: [ACMON] C:program FilesASUSSplendidACMON.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:program FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [EOUApp] "C:program FilesIntelWirelessBinEOUWiz.exe"
O4 - HKLM..Run: [avast!] C:pROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [Wireless Console 2] C:program FilesWireless Console 2wcourier.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [BearShare] "D:program FilesBearShareBearShare.exe" /pause
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: Last.fm Helper.lnk = D:Last.fmLastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab
O17 - HKLMSystemCCSServicesTcpip..{99552038-527E-4D97-8DB2-0B88CDBFF94E}: NameServer = 212.182.66.21,212.182.66.23,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O20 - Winlogon Notify: OneCard - c:program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:program FilesIntelWirelessBinEvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:program FilesIntelWirelessBinS24EvMon.exe


And what do you think about this one?

Could someone take a look at this :>
 

kaliber91

User
Joined
September 9, 2007
Posts
7
Hello, I have a problem with my PC. Pages open by themselves, and Explorer shows messages about an infected system. The desktop changes by itself to a strange one; it can be turned off with a button on that supposed background, in the top right corner. And my Task Manager is blocked: Ctrl+Alt+Del doesn't work, supposedly it was disabled by the administrator. Avast doesn't detect anything.

Please check the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:34, on 2008-01-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesAnalog DevicesCoresmax4pnp.exe
C:program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
C:program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:pROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32igfxsrvc.exe
C:program FilesWebrootAccelerateaccelerate.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesRocketDockRocketDock.exe
C:program FilesMessengermsmsgs.exe
C:program FilesCainAbel.exe
C:program FilesBonjourmDNSResponder.exe
C:program FilesMySQLMySQL Server 4.1binmysqld-nt.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:program FilesHewlett-PackardSharedhpqwmiex.exe
C:program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wscntfy.exe
C:program FilesCommon FilesPCSuiteServicesServiceLayer.exe
C:pROGRA~1HEWLET~1SharedHPQTOA~1.EXE
C:program FilesMozilla Firefoxfirefox.exe
C:program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:program FilesFlashGetjccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:program FilesivoExpressivoIH_iexplore.dll
O2 - BHO: SXG Advisor - {AF7FCB20-E32A-41D8-B2ED-BC1EA8C11E90} - C:WINDOWSdntpkwokpr.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:pROGRA~1FlashFXPIEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:program FilesFlashGetgetflash.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:program FilesivoExpressivoIH_iexplore.dll
O3 - Toolbar: ekxdvft - {C87444C3-8B83-4A48-91DE-95F9A3D61070} - C:WINDOWSekxdvft.dll
O4 - HKLM..Run: [SoundMAXPnP] C:program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SoundMAX] C:program FilesAnalog DevicesSoundMAXSmax4.exe /tray
O4 - HKLM..Run: [hpWirelessAssistant] %ProgramFiles%Hewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [Flashget] "C:program FilesFlashGetFlashGet.exe" /min
O4 - HKLM..Run: [QuickTime Task] "C:program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [CloneCDTray] "C:program FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 - HKLM..Run: [avast!] C:pROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [PCSuiteTrayApplication] D:NOKIANOKIAP~1LAUNCH~1.EXE -startup
O4 - HKLM..Run: [Accelerate] C:program FilesWebrootAccelerateaccelerate.exe /S
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [RocketDock] "C:program FilesRocketDockRocketDock.exe"
O4 - HKCU..Run: [DAEMON Tools Pro Agent] "C:program FilesDAEMON Tools PDTProAgent.exe"
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [PcSync] D:NOKIANokia PC Suite 6PcSync2.exe /NoDialog
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Startup: d.cmd
O8 - Extra context menu item: &Download All with FlashGet - C:program FilesFlashGetjc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:program FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:pROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:pROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:program FilesFlashGetFlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:program FilesFlashGetFlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLMSystemCCSServicesTcpip..{B2A71F14-D373-430A-ADA4-B3B04CC8FBA4}: NameServer = 192.168.1.1,192.204.152.34
O21 - SSODL: bgrlsmn - {62EFECCF-DAE9-42F2-A4E1-C13810204AE7} - C:WINDOWSbgrlsmn.dll (file missing)
O21 - SSODL: adsoowf - {E88CABC3-C5CB-4667-B0C0-FD8F53D91BB1} - C:WINDOWSadsoowf.dll
O23 - Service: Abel - oxid.it - C:program FilesCainAbel.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: MySQL - Unknown owner - C:program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:WINDOWSsystem32pr2agqwc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:program FilesWinPcaprpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

--
End of file - 8412 bytes
 

Alliata

User
Joined
November 3, 2007
Posts
378
k

To be removed:

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://softwarereferral.c...=MjI6Ojg5&lid=2

I'm not sure about these entries:

O2 - BHO: SXG Advisor - {AF7FCB20-E32A-41D8-B2ED-BC1EA8C11E90} - C:WINDOWSdntpkwokpr.dll

O3 - Toolbar: ekxdvft - {C87444C3-8B83-4A48-91DE-95F9A3D61070} - C:WINDOWSekxdvft.dll

O4 - Startup: d.cmd (Cmd on D: ????)

O21 - SSODL: bgrlsmn - {62EFECCF-DAE9-42F2-A4E1-C13810204AE7} - C:WINDOWSbgrlsmn.dll (file missing)

O21 - SSODL: adsoowf - {E88CABC3-C5CB-4667-B0C0-FD8F53D91BB1} - C:WINDOWSadsoowf.dll

And change your AV from Avast to NOD or Kaspersky.

[ Added: 30-01-2008, 09:46 ]
Well, now I'll post a ComboFix log, because I have a feeling something is sitting in it, but I can't spot it. I've checked it 3 times. Maybe you, Own3r, will spot something.

Code:
ComboFix 08-01-30.6 - Matt 2008-01-30 10:43:15.3 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1061 [GMT 1:00]

Running from: C:Documents and SettingsMattPulpitComboFix.exe



[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]

.



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:Program Filesmyglobalsearch

C:Program FilesmyglobalsearchbarHistorysearch



.

(((((((((((((((((((((((((   Files Created from 2007-12-28 to 2008-01-30  )))))))))))))))))))))))))))))))

.



2008-01-29 17:12 . 2008-01-29 17:12    21,035    --a------    C:WINDOWSsystem32driversAegisP.sys

2008-01-28 16:47 . 2008-01-28 16:47    <DIR>    d--------    C:Documents and SettingsMatt.borland

2008-01-28 16:41 . 2008-01-28 16:41    <DIR>    d--------    C:Inprise

2008-01-28 16:40 . 2008-01-28 16:40    <DIR>    d--------    C:Program FilesJavaSoft

2008-01-28 16:40 . 1999-10-23 14:41    55,808    ---------    C:WINDOWSsystem32ActPanel.dll

2008-01-27 23:17 . 2008-01-27 23:17    <DIR>    d--------    C:Documents and SettingsMattWINDOWS

2008-01-27 22:56 . 2003-04-10 15:31    430,080    --a------    C:WINDOWSsystem32ibmgr.cpl

2008-01-27 22:56 . 2003-04-10 15:30    376,832    --a------    C:WINDOWSsystem32gds32.dll

2008-01-27 22:56 . 2003-04-10 15:31    177,152    --a------    C:WINDOWSsystem32ibinstall.dll

2008-01-27 22:56 . 2003-04-10 15:30    28,672    --a------    C:WINDOWSsystem32ibxml.dll

2008-01-27 18:06 . 2008-01-27 18:07    <DIR>    d--------    C:WINDOWS$regcmp$

2008-01-27 17:50 . 2008-01-27 17:50    <DIR>    d--------    C:Program FilesMSXML 6.0

2008-01-27 16:19 . 2008-01-27 16:19    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiAhead

2008-01-27 09:59 . 2008-01-27 09:59    <DIR>    d--h-----    C:WINDOWS$hf_mig$

2008-01-26 18:56 . 2008-01-26 18:56    754    --a------    C:WINDOWSWORDPAD.INI

2008-01-26 18:11 . 2008-01-26 18:11    <DIR>    d--------    C:Program FilesMSBuild

2008-01-26 18:06 . 2008-01-26 18:06    <DIR>    d--------    C:WINDOWSsystem32XPSViewer

2008-01-26 18:05 . 2008-01-26 18:05    <DIR>    d--------    C:Program FilesReference Assemblies

2008-01-26 18:04 . 2006-06-29 13:07    14,048    ---------    C:WINDOWSsystem32spmsg2.dll

2008-01-26 17:42 . 2008-01-26 17:42    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiSony Setup

2008-01-24 22:44 . 2007-07-19 18:14    3,727,720    --a------    C:WINDOWSsystem32d3dx9_35.dll

2008-01-24 22:44 . 2007-07-19 18:14    1,358,192    --a------    C:WINDOWSsystem32D3DCompiler_35.dll

2008-01-24 22:44 . 2007-07-19 18:14    444,776    --a------    C:WINDOWSsystem32d3dx10_35.dll

2008-01-24 22:44 . 2008-01-24 22:44    278,984    --a------    C:WINDOWSsystem32driversatksgt.sys

2008-01-24 22:44 . 2007-07-20 00:57    267,112    --a------    C:WINDOWSsystem32xactengine2_9.dll

2008-01-24 22:44 . 2008-01-24 22:44    25,416    --a------    C:WINDOWSsystem32driverslirsgt.sys

2008-01-24 20:28 . 2008-01-24 20:28    <DIR>    d--------    C:Program FilesCommon FilesBlizzard Entertainment

2008-01-23 15:50 . 2008-01-23 15:50    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiESET

2008-01-22 23:08 . 2008-01-24 20:20    69    --a------    C:WINDOWSNeroDigital.ini

2008-01-19 18:56 . 2008-01-19 18:56    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiInkscape

2008-01-19 18:55 . 2008-01-19 18:56    <DIR>    d--------    C:Program FilesInkscape

2008-01-18 20:39 . 2006-10-04 15:06    1,197,294    -----c---    C:WINDOWSsystem32dllcachesysmain.sdb

2008-01-18 20:39 . 2006-10-04 15:06    764,868    -----c---    C:WINDOWSsystem32dllcacheapph_sp.sdb

2008-01-18 20:39 . 2006-10-04 15:06    217,118    -----c---    C:WINDOWSsystem32dllcacheapphelp.sdb

2008-01-18 20:38 . 2008-01-18 20:38    <DIR>    d--------    C:Program FilesWindows Media Connect 2

2008-01-18 20:36 . 2008-01-18 20:37    <DIR>    d--------    C:WINDOWSsystem32driversUMDF

2008-01-17 21:24 . 2008-01-30 09:28    69,063    --a------    C:WINDOWSsystem32oodbs.lor

2008-01-14 16:04 . 2008-01-14 16:05    <DIR>    d--------    C:Program FilesXP Repair Pro 2007

2008-01-14 15:31 . 2007-03-21 20:33    503,808    --a------    C:WINDOWSsystem32MSVCP71.DL1

2008-01-14 15:28 . 2008-01-14 15:28    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiSymantec

2008-01-14 15:19 . 2008-01-14 15:19    <DIR>    d----c---    C:WINDOWSsystem32DRVSTORE

2008-01-14 15:19 . 2007-03-28 20:29    131,944    --a------    C:WINDOWSsystem32driverssymsnap.sys

2008-01-14 15:19 . 2007-03-28 20:51    128,104    --a------    C:WINDOWSsystem32driversWimFltr.sys

2008-01-14 15:19 . 2007-03-28 20:12    109,360    --a------    C:WINDOWSsystem32GEARAspi.dll

2008-01-14 15:19 . 2007-03-28 20:29    37,864    --a------    C:WINDOWSsystem32driversv2imount.sys

2008-01-14 15:19 . 2007-03-28 20:12    15,664    --a------    C:WINDOWSsystem32driversGEARAspiWDM.sys

2008-01-14 15:19 . 2007-03-28 20:23    14,072    --a------    C:WINDOWSsystem32driversvproeventmonitor.sys

2008-01-14 15:17 . 2008-01-14 15:17    <DIR>    d--------    C:Program FilesSymantec

2008-01-14 15:17 . 2008-01-14 15:18    <DIR>    d--------    C:Program FilesCommon FilesSymantec Shared

2008-01-14 15:17 . 2008-01-14 15:25    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiSymantec

2008-01-14 15:02 . 2008-01-22 20:54    <DIR>    d--------    C:WINDOWSDownloaded Installations

2008-01-14 13:59 . 2008-01-13 14:58    <DIR>    d--h-----    C:Documents and SettingsAdministratorUstawienia lokalne

2008-01-14 13:59 . 2008-01-05 20:36    <DIR>    d--------    C:Documents and SettingsAdministratorUlubione

2008-01-14 13:59 . 2008-01-05 20:46    <DIR>    d--h-----    C:Documents and SettingsAdministratorSzablony

2008-01-14 13:59 . 2008-01-06 17:10    <DIR>    d--------    C:Documents and SettingsAdministratorPulpit

2008-01-14 13:59 . 2008-01-05 20:36    <DIR>    d--------    C:Documents and SettingsAdministratorMoje dokumenty

2008-01-14 13:59 . 2008-01-05 20:36    <DIR>    dr-------    C:Documents and SettingsAdministratorMenu Start

2008-01-14 13:59 . 2008-01-27 16:39    <DIR>    dr-h-----    C:Documents and SettingsAdministratorDane aplikacji

2008-01-14 13:31 . 2008-01-14 13:31    <DIR>    d--------    C:Program FilesMicrosoft CAPICOM 2.1.0.2

2008-01-13 23:50 . 2005-04-08 19:44    45,056    --a------    C:WINDOWSsystem32hpzll3xu.dll

2008-01-13 23:40 . 2008-01-13 23:40    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiImage Zone Express

2008-01-13 23:39 . 2008-01-13 23:39    <DIR>    d--------    C:Program FilesCommon FilesHP

2008-01-13 23:37 . 2008-01-13 23:37    <DIR>    d--------    C:Program FilesHewlett-Packard

2008-01-13 23:37 . 2008-01-13 23:37    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiHP

2008-01-13 23:35 . 2008-01-13 23:39    <DIR>    d--------    C:Program FilesHP

2008-01-13 23:33 . 2008-01-13 23:45    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiHP

2008-01-13 23:33 . 2008-01-13 23:39    79,537    --a------    C:WINDOWShpfins05.dat

2008-01-13 23:33 . 2005-05-24 04:19    1,395    ---------    C:WINDOWShpfmdl05.dat

2008-01-13 22:14 . 2004-08-04 00:44    159,232    --a------    C:WINDOWSsystem32ptpusd.dll

2008-01-13 22:14 . 2004-08-03 22:58    15,104    --a------    C:WINDOWSsystem32driversusbscan.sys

2008-01-13 22:14 . 2004-08-03 22:58    15,104    --a--c---    C:WINDOWSsystem32dllcacheusbscan.sys

2008-01-13 22:14 . 2001-10-26 17:29    5,632    --a------    C:WINDOWSsystem32ptpusb.dll

2008-01-13 15:17 . 2008-01-13 15:17    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiteamspeak2

2008-01-13 15:17 . 2008-01-13 15:17    34,064    --a------    C:WINDOWSsystem32lhacm.acm

2008-01-13 14:41 . 2008-01-13 14:41    <DIR>    d--------    C:Program FilesTrend Micro

2008-01-12 12:45 . 2007-04-09 13:23    28,040    --a------    C:WINDOWSsystem32mdimon.dll

2008-01-12 12:45 . 2008-01-12 12:45    421    --a------    C:WINDOWSODBC.INI

2008-01-12 12:40 . 2008-01-12 12:43    <DIR>    d--------    C:WINDOWSSHELLNEW

2008-01-12 12:40 . 2008-01-12 12:40    <DIR>    d--------    C:Program FilesMicrosoft.NET

2008-01-10 20:19 . 2008-01-10 20:23    5,368    --a------    C:WINDOWSBricoPackFoldersDelete.cmd

2008-01-08 19:59 . 2008-01-27 22:27    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjigtk-2.0

2008-01-08 19:59 . 2008-01-08 19:59    <DIR>    d--------    C:Documents and SettingsMatt.thumbnails

2008-01-08 15:18 . 2008-01-14 00:13    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiAdobeUM

2008-01-08 15:15 . 2008-01-08 15:15    <DIR>    d--------    C:Program FilesCommon FilesAdobe

2008-01-07 15:55 . 2008-01-07 15:55    <DIR>    d--------    C:Documents and SettingsMattDane aplikacjiTalkback

2008-01-07 14:22 . 2008-01-10 20:23    2,359,350    --a------    C:WINDOWSBricoPack Wallpaper.bmp

2008-01-07 14:22 . 2008-01-10 20:23    72,066    --a------    C:WINDOWSBricoPackUninst.cmd

2008-01-07 14:15 . 2008-01-10 20:18    <DIR>    d--------    C:WINDOWSBricoPacks

2008-01-07 14:09 . 2008-01-07 14:14    <DIR>    d--------    C:Program FilesViStart

2008-01-07 13:03 . 2008-01-29 21:52    <DIR>    d--------    C:Documents and SettingsMatt.gimp-2.4

2008-01-07 12:52 . 2008-01-07 12:52    <DIR>    d--------    C:WINDOWSsystem32Lang

2008-01-07 12:52 . 2008-01-07 12:52    940,794    --a------    C:WINDOWSsystem32LoopyMusic.wav

2008-01-07 12:52 . 2008-01-07 12:52    146,650    --a------    C:WINDOWSsystem32BuzzingBee.wav

2008-01-07 12:52 . 2008-01-07 12:52    60,416    --a------    C:WINDOWSALCFDRTM.VER

2008-01-07 12:52 . 2008-01-07 12:52    60,416    --a------    C:WINDOWSALCFDRTM.EXE

2008-01-06 22:06 . 2008-01-27 18:06    25,992    --a------    C:WINDOWSsystem32pgdfgsvc.exe

2008-01-06 22:00 . 2007-10-11 00:52    6,065,664    -----c---    C:WINDOWSsystem32dllcacheieframe.dll

2008-01-06 22:00 . 2007-07-01 04:31    2,455,488    -----c---    C:WINDOWSsystem32dllcacheieapfltr.dat

2008-01-06 22:00 . 2007-07-01 04:36    1,036,288    -----c---    C:WINDOWSsystem32dllcacheieframe.dll.mui

2008-01-06 22:00 . 2007-10-11 00:52    459,264    -----c---    C:WINDOWSsystem32dllcachemsfeeds.dll



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-24 21:01    ---------    d--h--w    C:Program FilesInstallShield Installation Information

2008-01-07 13:22    219,648    ----a-w    C:WINDOWSsystem32uxtheme.dll

2008-01-05 20:50    ---------    d-----w    C:Documents and SettingsMattDane aplikacjiGadu-Gadu

2008-01-05 20:28    ---------    d-----w    C:Program FilesAhead

2008-01-05 20:27    ---------    d-----w    C:Program FilesCommon FilesNero

2008-01-05 20:26    ---------    d-----w    C:Program FilesCommon FilesAhead

2008-01-05 20:23    ---------    d-----w    C:Program FilesVIA

2008-01-05 20:22    ---------    d-----w    C:Program FilesAvRack

2008-01-05 20:18    ---------    d-----w    C:Program FilesCommon FilesInstallShield

2008-01-05 20:18    ---------    d-----w    C:Program FilesATI Technologies

2008-01-05 20:06    ---------    d-----w    C:Program FilesNonbrand

2008-01-05 20:05    ---------    d--h--w    C:Program FilesUninstall Information

2008-01-05 19:50    ---------    d-----w    C:Program Filesmicrosoft frontpage

2008-01-05 19:49    558,142    ----a-w    C:WINDOWSjavaPackagesXFJ7ZTVP.ZIP

2008-01-05 19:49    155,995    ----a-w    C:WINDOWSjavaPackagesZRBNLN3X.ZIP

2008-01-05 19:48    ---------    d-----w    C:Program FilesUsługi online

2007-11-07 09:29    723,968    ----a-w    C:WINDOWSsystem32lsasrv.dll

2007-10-29 22:44    1,291,264    ----a-w    C:WINDOWSsystem32quartz.dll

2007-10-25 08:28    222,720    ----a-w    C:WINDOWSsystem32wmasf.dll

2007-10-10 23:52    824,832    ----a-w    C:WINDOWSsystem32wininet.dll

.



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4



[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Gadu-Gadu"="D:ProgramyGadu-Gadugg.exe" [2007-11-14 11:54 2131392]

"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44 15360]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:WINDOWSSOUNDMAN.EXE]

"egui"="C:Program FilesESETESET NOD32 Antivirusegui.exe" [2007-11-23 21:51 1410304]



[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2004-08-04 00:44 15360]



[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^802.11g Wireless LAN PCI Card Utility.lnk]

backup=C:WINDOWSpss802.11g Wireless LAN PCI Card Utility.lnkCommon Startup



[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup



[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]

backup=C:WINDOWSpssATI CATALYST – pasek zadań.lnkCommon Startup



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATICCC]

--a------ 2005-08-06 01:07 61440 C:Program FilesATI TechnologiesATI.ACEcli.exe



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]

--a------ 2004-08-04 00:44 15360 C:WINDOWSsystem32ctfmon.exe



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadAccelerator]



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIDMan]

D:ProgramyInternet Download ManagerIDMan.exe



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]

---hs---- 2004-10-13 17:24 1694208 C:Program FilesMessengerMSMSGS.exe



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRaidTool]

-ra------ 2005-06-20 11:53 1056768 C:Program FilesVIARAIDraid_tool.exe



[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"AVP"=2 (0x2)

"O&O Defrag"=2 (0x2)



R0 viamraid;viamraid;C:WINDOWSsystem32DRIVERSviamraid.sys [2005-06-20 11:53]

R1 epfwtdir;epfwtdir;C:WINDOWSsystem32DRIVERSepfwtdir.sys [2007-11-23 21:52]

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe" [2007-09-26 16:23]

R2 InterBaseGuardian;InterBase Guardian;D:ProgramyBorlandInterBasebinibguard.exe [2003-04-10 15:31]

R2 Norton Save and Restore;Norton Save and Restore;D:ProgramyNorton Save and RestoreAgentVProSvc.exe [2007-03-28 20:42]

R3 InterBaseServer;InterBase Server;D:ProgramyBorlandInterBasebinibserver.exe [2003-04-10 15:31]

R3 SjyPkt;SjyPkt;C:WINDOWSSystem32DriversSjyPkt.sys [2002-10-02 09:57]



[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8c14c68f-c21f-11dc-824f-00120e49ad80}]

ShellAutoRuncommand - F:EXPLORER.EXE

ShellexploreCommand - F:EXPLORER.EXE

ShellopenCommand - F:EXPLORER.EXE



.

**************************************************************************



catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-30 10:43:58

Windows 5.1.2600 Dodatek Service Pack 2 NTFS



scanning hidden processes ... 



scanning hidden autostart entries ...



scanning hidden files ... 



scan completed successfully 

hidden files: 0 



**************************************************************************

.

Completion time: 2008-01-30 10:44:32

ComboFix-quarantined-files.txt  2008-01-30 09:44:17

ComboFix2.txt  2008-01-13 13:58:54

.

2008-01-27 16:50:07    --- E O F ---
 

0wn3r

Former Moderator
Joined
March 10, 2007
Posts
1330
Code:
2008-01-07 12:52 . 2008-01-07 12:52    60,416    --a------    C:WINDOWSALCFDRTM.EXE



2008-01-06 22:06 . 2008-01-27 18:06    25,992    --a------    C:WINDOWSsystem32pgdfgsvc.exe

I'm not sure about these; if you detect anything, then :killer:

Code:
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8c14c68f-c21f-11dc-824f-00120e49ad80}]

ShellAutoRuncommand - F:EXPLORER.EXE

ShellexploreCommand - F:EXPLORER.EXE

ShellopenCommand - F:EXPLORER.EXE

I don't know how this works in ComboFix, but check it, and if something is off, then :killer: :killer: :killer: :killer: :killer: :killer: :killer: :killer:

Because explorer.exe is normally in the folder:

C:WindowsExplorer.EXE
 

wittorio

User
Joined
January 13, 2008
Posts
2
Could you take a look?

Many thanks :)

Code:
Logfile of HijackThis v1.99.1

Scan saved at 00:08:02, on 2008-01-31

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)



Running processes:

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Windowssystem32taskeng.exe

C:Program FilesWindows DefenderMSASCui.exe

C:WindowsRtHDVCpl.exe

C:Program FilesTOSHIBAPower SaverTPwrMain.exe

C:Program FilesTOSHIBAFlashCardsTCrdMain.exe

C:Program FilesTOSHIBAUtilitiesKeNotify.exe

C:Program FilesTOSHIBAConfigFreeNDSTray.exe

C:Program FilesJavajre1.6.0_03binjusched.exe

C:Program FilesAlwil SoftwareAvast4ashDisp.exe

C:WindowsSystem32rundll32.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesGadu-Gadugg.exe

C:Windowsehomeehtray.exe

C:Program FilesCommon FilesAheadLibNMBgMonitor.exe

C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe

C:Windowsehomeehmsas.exe

C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe

c:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe

c:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe

C:Program FilesTOSHIBAConfigFreeCFSwMgr.exe

c:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe

D:Programy(instalki)hijackthisHijackThis.exe

C:Windowssystem32DllHost.exe



R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = 

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = 

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll

O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide

O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..Run: [TPwrMain] %ProgramFiles%TOSHIBAPower SaverTPwrMain.EXE

O4 - HKLM..Run: [00TCrdMain] %ProgramFiles%TOSHIBAFlashCardsTCrdMain.exe

O4 - HKLM..Run: [KeNotify] C:Program FilesTOSHIBAUtilitiesKeNotify.exe

O4 - HKLM..Run: [HWSetup] C:Program FilesTOSHIBAUtilitiesHWSetup.exe hwSetUP

O4 - HKLM..Run: [SVPWUTIL] C:Program FilesTOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL

O4 - HKLM..Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [SynTPStart] C:Program FilesSynapticsSynTPSynTPStart.exe

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [UnlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"

O4 - HKLM..Run: [Toshiba Registration] C:Program FilesToshibaRegistrationToshibaRegistration.exe

O4 - HKLM..Run: [SmoothView] %ProgramFiles%ToshibaSmoothViewSmoothView.exe

O4 - HKLM..Run: [HSON] %ProgramFiles%TOSHIBATBSHSON.exe

O4 - HKLM..Run: [Camera Assistant Software] "C:Program FilesCamera Assistant Software for Toshibatraybar.exe"

O4 - HKLM..Run: [topi] C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe -startup

O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe

O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing)

O10 - Unknown file in Winsock LSP: c:windowssystem32nlaapi.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32napinsp.dll

O11 - Options group: [INTERNATIONAL] International*

O13 - Gopher Prefix: 

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:Program FilesAreschatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: @%SystemRoot%ehomeehstart.dll,-101 (ehstart) - Unknown owner - %windir%system32svchost.exe (file missing)

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)

O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe

O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe

O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - %windir%system32svchost.exe (file missing)

O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%system32svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:Program FilesTOSHIBAPower SaverTosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe

O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%Windows Media Playerwmpnetwk.exe (file missing)
 

Alliata

User
Joined
November 3, 2007
Posts
378
Check

APSHook.dll

I checked it; the name speaks for itself.

Remove

Delete the folder and file from disk manually or with Killbox:

C:Documents and SettingsAneczkaUstawienia lokalneTemporary Internet FilesContent.IE5S96B0T6NInstall1322[1].exe
C:Documents and SettingsAneczkaUstawienia lokalneTemporary Internet FilesContent.IE5S96B0T6NInstall1322[1].exe


Use the browser options to clear Temporary Internet Files and History.


C:WINDOWSsystem32acovcnt.exe


It stinks from a mile away.
 

RYNIEK

User
Joined
February 1, 2008
Posts
14
Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:38:13, on 2008-02-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesWindows DefenderMsMpEng.exe

C:WINDOWSSystem32svchost.exe

E:PROGRAMYAd-Awareaawservice.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesG DATA AntiVirusAVKAVKService.exe

C:Program FilesG DATA AntiVirusAVKAVKWCtl.exe

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesCommon FilesG DATAAVKProxyAVKProxy.exe

C:WINDOWSExplorer.EXE

C:WINDOWSRTHDCPL.EXE

C:Program FilesJavajre1.6.0_03binjusched.exe

C:Program FilesWindows DefenderMSASCui.exe

C:Program FilesG DATA AntiVirusAVKTrayAVKTray.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:WINDOWSsystem32ctfmon.exe

E:PROGRAMYSpybot - Search & DestroyTeaTimer.exe

C:Program FilesSferiaEasyWirelessNetEasyWirelessNet.exe

E:PROGRAMYGadu-Gadugg.exe

E:PROGRAMYOperaOpera.exe

E:PROGRAMYHiJackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:Program FilesG DATA AntiVirusWebfilterAvkWebIE.dll

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0ycomp5_6_0_1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:PROGRAMYflashgetjccatch.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:PROGRAMYRealPlayerrpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:PROGRAMYSPYBOT~1SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll

O2 - BHO: LingTools Class - {7638AB14-B003-49F2-A342-D7BD4F7FD79A} - E:PROGRAMYSLOWNI~1toolbar.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:PROGRAMYflashgetgetflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0ycomp5_6_0_1.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:Program FilesG DATA AntiVirusWebfilterAvkWebIE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..Run: [SkyTel] SkyTel.EXE

O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"

O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [LXCFCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCFtime.dll,_RunDLLEntry@16

O4 - HKLM..Run: [AVKTray] "C:Program FilesG DATA AntiVirusAVKTrayAVKTray.exe"

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKLM..Run: [QuickTime Task] "E:PROGRAMYQuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [EdHTML] E:PROGRAMYedhtmlEdHTML.exe /none

O4 - HKCU..Run: [SpybotSD TeaTimer] E:PROGRAMYSpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [Gadu-Gadu] "E:PROGRAMYGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:PROGRAMYflashgetjc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:PROGRAMYflashgetjc_all.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRAMYflashgetFlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRAMYflashgetFlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:PROGRAMYSPYBOT~1SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:PROGRAMYSPYBOT~1SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192476870968

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:PROGRAMYAd-Awareaawservice.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:Program FilesCommon FilesG DATAAVKProxyAVKProxy.exe

O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:Program FilesG DATA AntiVirusAVKAVKService.exe

O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:Program FilesG DATA AntiVirusAVKAVKWCtl.exe

O23 - Service: GoogleDesktopManager - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: lxcf_device - Unknown owner - C:WINDOWSsystem32lxcfcoms.exe

O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe



--

End of file - 9996 bytes

This is my log.
Is everything OK with the system?
I have G Data AntiVirus 2008 + Spybot S&D + Lavasoft Ad-Aware 2007 Free + Windows Defender + HijackThis v2.0.2 + the built-in firewall in XP Prof SP2. I regularly update the system and the virus signatures.
 

0wn3r

Former Moderator
Joined
March 10, 2007
Posts
1330
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

Remove the one above.

Check this one:

O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14
 

Alliata

User
Joined
November 3, 2007
Posts
378
Lol

I won't repeat myself and say what the previous poster said.

Haven't you heard that several antivirus programs are less effective than one? The result is that they conflict with each other, and it is not the case that "one complements the other". Pick one good one.

If you have a powerful computer, then Kaspersky Internet Security 7.0

if you have a slower one, then Nod32


#Add

Own3r, he won't check this:
O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14

It is buried somewhere in the TCP connection files.

To the person posting the log:

Disable all programs in Autostart and restart. Once it boots again, type Netstat in Cmd and check how many connections you have. If more than 4-5, you have an infection.
 

izoll

User
Joined
February 1, 2008
Posts
2
Hello, lately I have had a problem with my computer freezing; I have just reformatted...

Here is my HJ log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:09, on 2008-02-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:program FilesCreativeSBAudigySurround MixerCTSysVol.exe
C:WINDOWSSystem32Rundll32.exe
C:program FilesLexmark 1200 Serieslxczbmgr.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
C:program FilesWinampWinampa.exe
C:program FilesLexmark 1200 Serieslxczbmon.exe
C:WINDOWSSystem32ctfmon.exe
C:program FilesMessengermsmsgs.exe
C:program FilesCommon FilesAheadLibNMBgMonitor.exe
C:program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:program FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSSystem32svchost.exe
C:program FilesCommon FilesAheadLibNMIndexingService.exe
C:program FilesAdobeAcrobat 6.0 CEReaderAcroRd32.exe
C:program FilesMozilla Firefoxfirefox.exe
C:program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://proxy.zicom.pl/auto.pac
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [ATIPTA] C:program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [CTSysVol] C:program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r
O4 - HKLM..Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [Lexmark 1200 Series] "C:program FilesLexmark 1200 Serieslxczbmgr.exe"
O4 - HKLM..Run: [AVP] "C:program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe"
O4 - HKLM..Run: [WinampAgent] "C:program FilesWinampWinampa.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:program FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:program FilesKaspersky LabKaspersky Anti-Virus 7.0SCIEPlgn.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLMSystemCCSServicesTcpip..{D5126D2F-D6BF-428C-821A-4690721CF50C}: NameServer = 217.70.48.6,217.70.48.20
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSSystem32CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:program FilesCommon FilesAheadLibNMIndexingService.exe

--
End of file - 4903 bytes



thanks for the help
 

RYNIEK

User
Joined
February 1, 2008
Posts
14
Re: Lol

Originally posted by Alliata
I won't repeat what the previous poster said.

Haven't you heard that several antiviruses give a worse result than one? They end up conflicting with each other, and it is not the case that "one complements the other". Pick one good one.

If you have a beast of a computer, go with Kaspersky Internet Security 7.0

if you have a slower one, Nod32


#Add

Own3r, he won't be able to check this:
O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14

It is buried somewhere in the TCP connection files.

To the person who posted the log:

Disable all programs in Autostart and restart. When it boots again, type Netstat in Cmd and check how many connections you have. If there are more than 4-5, you have an infection.

1. I've heard about that; I don't have several antiviruses. G Data, Ad-Aware, Spybot and Windows Defender don't conflict (at least nothing suggests that they do), so I have to disappoint you =]
2. You're right here, I won't be able to check this: O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14
If YOU know how to check it, could you write how.
3. I have more than 4-5 connections. If I do as you wrote (that is, remove those unwanted processes from autostart) and it shows up again, what then?? By the way, a format is out of the question. I have Linux alongside WinXP, but I need Windows too.

Once I've done everything you advised, I'll post again to make sure that everything is cleaned up.

PS: How do you know that having more than 4-5 connections means you are infected?? It's a typical noob question, as I'm still a greenhorn.

Thank you in advance for your understanding


Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:50:47, on 2008-02-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesWindows DefenderMsMpEng.exe

C:WINDOWSSystem32svchost.exe

E:PROGRAMYAd-Awareaawservice.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesG DATA AntiVirusAVKAVKService.exe

C:Program FilesG DATA AntiVirusAVKAVKWCtl.exe

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesCommon FilesG DATAAVKProxyAVKProxy.exe

C:WINDOWSExplorer.EXE

C:WINDOWSRTHDCPL.EXE

C:Program FilesJavajre1.6.0_03binjusched.exe

C:Program FilesWindows DefenderMSASCui.exe

C:Program FilesG DATA AntiVirusAVKTrayAVKTray.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:WINDOWSsystem32ctfmon.exe

E:PROGRAMYSpybot - Search & DestroyTeaTimer.exe

C:Program FilesSferiaEasyWirelessNetEasyWirelessNet.exe

E:PROGRAMYGadu-Gadugg.exe

E:PROGRAMYOperaOpera.exe

C:PROGRA~1GDATAA~1AVKavk.exe

C:WINDOWSsystem32cmd.exe

E:PROGRAMYHiJackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:Program FilesG DATA AntiVirusWebfilterAvkWebIE.dll

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0ycomp5_6_0_1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:PROGRAMYflashgetjccatch.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:PROGRAMYRealPlayerrpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:PROGRAMYSPYBOT~1SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll

O2 - BHO: LingTools Class - {7638AB14-B003-49F2-A342-D7BD4F7FD79A} - E:PROGRAMYSLOWNI~1toolbar.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:PROGRAMYflashgetgetflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0ycomp5_6_0_1.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:Program FilesG DATA AntiVirusWebfilterAvkWebIE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..Run: [SkyTel] SkyTel.EXE

O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"

O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [LXCFCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCFtime.dll,_RunDLLEntry@16

O4 - HKLM..Run: [AVKTray] "C:Program FilesG DATA AntiVirusAVKTrayAVKTray.exe"

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKLM..Run: [QuickTime Task] "E:PROGRAMYQuickTimeQTTask.exe" -atboottime

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [EdHTML] E:PROGRAMYedhtmlEdHTML.exe /none

O4 - HKCU..Run: [SpybotSD TeaTimer] E:PROGRAMYSpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [Gadu-Gadu] "E:PROGRAMYGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:PROGRAMYflashgetjc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:PROGRAMYflashgetjc_all.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRAMYflashgetFlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRAMYflashgetFlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:PROGRAMYSPYBOT~1SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:PROGRAMYSPYBOT~1SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192476870968

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:PROGRAMYAd-Awareaawservice.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:Program FilesCommon FilesG DATAAVKProxyAVKProxy.exe

O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:Program FilesG DATA AntiVirusAVKAVKService.exe

O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:Program FilesG DATA AntiVirusAVKAVKWCtl.exe

O23 - Service: GoogleDesktopManager - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: lxcf_device - Unknown owner - C:WINDOWSsystem32lxcfcoms.exe

O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe



--

End of file - 9934 bytes
Here is my new log, after removing that suspicious process.

I also used
Code:
netstat
and it showed that I have 6 processes:
these two look suspicious to me
Code:
unused-217017045158.atman.pl:https

208.65.153.253:http
The protocols are TCP, of course.
Does anyone know anything about this??
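
An added example, not part of the thread: a small parser that takes the output of `netstat -ano` (the `-o` switch adds the owning PID to each row) and groups established, non-loopback TCP peers by process, so each remote endpoint can be traced to the program that opened it. The sample output is constructed, and English-language state names are assumed.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output; the addresses come from
# the reserved documentation ranges, not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.0.2.10:1044        198.51.100.7:443       ESTABLISHED     2312
  TCP    192.0.2.10:1051        203.0.113.25:80        ESTABLISHED     2312
  TCP    192.0.2.10:1060        203.0.113.80:80        TIME_WAIT       0
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  UDP    0.0.0.0:445            *:*                                    4
"""

# TCP rows only: UDP rows carry no State column and no remote peer.
ROW = re.compile(
    r"^\s*TCP\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per TCP row; headers and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def external_by_pid(rows):
    """Map PID -> sorted remote endpoints of its established, non-local sessions."""
    by_pid = defaultdict(list)
    for r in rows:
        # Assumption: English state names; a localized Windows prints its own.
        if r["state"] == "ESTABLISHED" and not is_loopback(r["raddr"]):
            by_pid[r["pid"]].append(f'{r["raddr"]}:{r["rport"]}')
    return {pid: sorted(peers) for pid, peers in by_pid.items()}


if __name__ == "__main__":
    for pid, peers in sorted(external_by_pid(parse_netstat(SAMPLE)).items()):
        print(pid, ", ".join(peers))
```

Each PID can then be matched to an image name with `tasklist /FI "PID eq <pid>"` and compared against the "Running processes" section of the HijackThis log.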
 