Logi: HijackThis, SilentRunners, ComboFix, Gmer

tremendous07

Użytkownik
Dołączył
Maj 14, 2009
Posty
10
To znów ja
smile.gif
Ponowną kontrolę przeprowadzam:
Kod:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:56, on 2009-08-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ULi5287\ULi5287.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
E:\Program Files\Nokia PC Suite\Nokia PC Suite 6\PCSync2.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Mateusz\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ChomikBox] "E:\Program Files\ChomikBOX\ChomikBox.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IVONA ControlCenter] "C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" --action=run-silent
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Paseczek] C:\Program Files\Paseczek\Paseczek.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia PC Suite\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - E:\Program Files\Xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9225 bytes
 

kanar123

Użytkownik
Dołączył
Marzec 27, 2008
Posty
451
Kod:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
i jakieś toolbar'y
<


to można wywalić bo i tak zdezaktywowane
<


co to : O4 - HKCU\..\Run: [Paseczek] C:\Program Files\Paseczek\Paseczek.exe ?
<


Daj combofixa...
 

tremendous07

Użytkownik
Dołączył
Maj 14, 2009
Posty
10
Niestety, ale mój log z ComboFixa jest zbyt długi. A Paseczek to program, który pokazuje wiadomości na pulpicie.
 

fr0zon

Użytkownik
Dołączył
Styczeń 12, 2007
Posty
147
Ktoś obada moje logi z ComboFix-a ?


Ktoś tutaj zagląda ? Proszę o pomoc w spr. logów ;)
 
Ostatnia edycja:

MrGomeZ

Użytkownik
Dołączył
Listopad 4, 2009
Posty
1
re

Prosze o sprawdzenie loga z HijackThis ,ponieważ obawiam się że mam wirusy :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38:35, on 2010-01-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system\svchost.exe
c:\fvr32.com
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\Calc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Documents and Settings\Patrycja\Menu Start\Programy\Autostart\services.exe
C:\DOCUME~1\Patrycja\USTAWI~1\Temp\IXP000.TMP\key.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Patrycja\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Services] C:\Windows\system\svchost.exe
O4 - HKLM\..\Run: [rtyuoo] c:\fvr32.com
O4 - HKLM\..\Run: [1] c:\dos32.pif
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Patrycja\USTAWI~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Calc] C:\Windows\Calc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: services.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4564 bytes
 
K

Khalt

Gość
Cóż... spróbuj najpierw przeskanować komputer jakimś AV (czymkolwiek). Później pytaj o sprawdzenie logów, bo aż mi się nie chce wymieniać co jest, a co MOŻE być "nie tak".
 

an0nim

Użytkownik
Dołączył
Listopad 17, 2009
Posty
23
[hijackthis] prosze o pomoc

Witam was wszystkich. Proszę was o pomoc, mam tutaj loga z komputera od mamy w pracy i potrzebuję waszej pomocy. Mama mówi, że jej zamula kompa ale nie wiem co :huh:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:16, on 2010-02-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Wireless 11abg Network Utility\WLService.exe
C:\Program Files\Wireless 11abg Network Utility\WLanCfgAG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
F:\programy\Gadu-Gadu\gg.exe
F:\programy\Opera\opera.exe
F:\programy\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\programy\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: WPCA-132AG Wireless PC Card (WPCA-132AG Service) - Unknown owner - C:\Program Files\Wireless 11abg Network Utility\WLService.exe

--
End of file - 3656 bytes

Jakbyście mogli tak na szybko sprawdzić, byłbym bardzo wdzięczny!:(
 

kanar123

Użytkownik
Dołączył
Marzec 27, 2008
Posty
451
... Jeden wielki śmietnik... Masz w ogóle jakiegoś antywirusa ? :p
Wklej log z hijacka teraz. Zobaczymy co zostało...
 

venom2312

Użytkownik
Dołączył
Luty 21, 2008
Posty
9
Kanar123 dodaje log z HIjackthis
MAm Nortona:D ale dawno nie skanowałem:D zaraz zrobie scan:p

link-http://www.wklej.org/id/300716/
 

kanar123

Użytkownik
Dołączył
Marzec 27, 2008
Posty
451
Teraz już jest o wiele lepiej, nic groźnego :) Combofix sobie poradził.
Zaktualizuj antywirusa i gruntowny skan :p
Powinno być ok :)
 

H4jt

Użytkownik
Dołączył
Maj 18, 2010
Posty
19
Kod:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:36:12, on 2010-05-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Gadu-Gadu 10\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5366 bytes
 

Huno

Użytkownik
Dołączył
Wrzesień 26, 2010
Posty
1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:18, on 2010-09-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
E:\Program Files\Last.fm\LastFM.exe
C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
E:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60018
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60018
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 91.121.3.91 mail2you.pl
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\AA\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08BC4DA0-F4A3-4C27-BD2A-3C0867E0BA8F}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{08BC4DA0-F4A3-4C27-BD2A-3C0867E0BA8F}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10156 bytes
 

kanar123

Użytkownik
Dołączył
Marzec 27, 2008
Posty
451
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60018
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: Shell=
O1 - Hosts: 91.121.3.91 mail2you.pl
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
FIX!


Tutaj nie jestem pewny:
O17 - HKLM\System\CCS\Services\Tcpip\..\{08BC4DA0-F4A3-4C27-BD2A-3C0867E0BA8F}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{08BC4DA0-F4A3-4C27-BD2A-3C0867E0BA8F}: NameServer = 156.154.70.22,156.154.71.22

reszta ok.
 

Venom546

Użytkownik
Dołączył
Luty 2, 2012
Posty
2
bardzo prosze o sprawdzenie
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:23:40, on 2012-02-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\romek\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
C:\Documents and Settings\romek\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\hihackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...8-462859878FF8}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\CheatEngine Toolbar\tbhelper.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (file missing)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\romek\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\CheatEngine Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: CheatEngine Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\CheatEngine Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Microsoft] C:\Pobrane\541_'s Keylogger v7.0\541_'s Keylogger v7.0\541_'s Keylogger v7.0\541's Keylogger Builder v7.0.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\romek\Dane aplikacji\Microsoft\System\Services\svchost.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAzADEANAA5ADQANAA4ADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0ANAArADEALQBEAEQAVAArADUAOQAxADQAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBEAEQAOQAwAEYAKwAxAA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\romek\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Programy\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\romek\Dane aplikacji\Microsoft\System\Services\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebse...Zg&n=2011122307
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\romek\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\romek\Dane aplikacji\FlashGetBHO\GetUrl.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (file missing) (HKCU)
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Fantapper Player Update Service (FTSvc) - Unknown owner - C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--
End of file - 13787 bytes
 

toperprg

Użytkownik
Dołączył
Lipiec 18, 2013
Posty
14
proszę sprawdzić logi z combofix

ComboFix 13-08-19.02 - Łukasz 2013-08-20 12:18:12.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.2935.2232 [GMT 2:00]
Uruchomiony z: d:\pobrane\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-07-20 do 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2013-08-20 10:23 . 2013-08-20 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-17 21:55 . 2013-08-17 21:55 388096 ----a-r- c:\users\Łukasz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-17 21:55 . 2013-08-17 21:55 -------- d-----w- C:\HT
2013-08-17 21:54 . 2013-08-18 01:20 -------- d-----w- c:\users\Łukasz\AppData\Roaming\Tepfel
2013-08-17 21:54 . 2013-08-17 21:54 -------- d-----w- c:\program files\Tepfel
2013-08-17 21:22 . 2013-08-17 21:22 -------- d-----w- c:\programdata\Licenses
2013-08-17 21:21 . 2013-08-17 21:30 -------- d-----w- c:\program files\SpywareBlaster
2013-08-17 21:21 . 2011-11-04 03:13 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-08-17 21:21 . 2009-03-24 10:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-08-17 02:11 . 2013-08-17 02:11 -------- d-----w- c:\users\Łukasz\AppData\Roaming\Need for Speed World
2013-08-17 01:37 . 2013-08-17 01:37 -------- d-----w- c:\users\Łukasz\AppData\Local\Electronic_Arts_Inc
2013-08-17 00:18 . 2013-08-17 00:18 -------- d-----w- c:\program files\Common Files\InstallShield
2013-08-15 23:12 . 2013-08-15 23:12 -------- d-----w- c:\program files\Lavalys
2013-08-15 07:55 . 2013-08-15 07:55 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-08-15 07:54 . 2013-08-15 08:02 -------- d-----w- c:\users\Łukasz\AppData\Roaming\BESTplayer
2013-08-14 20:52 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 20:52 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 20:52 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 20:52 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 20:52 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 20:52 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 20:52 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 20:52 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 20:52 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 20:52 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 20:52 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 20:51 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-09 21:59 . 2013-08-09 21:59 -------- d-----w- c:\users\Łukasz\AppData\Local\Chromium
2013-08-09 21:55 . 2013-08-09 21:55 -------- d-----w- c:\users\Łukasz\AppData\Local\SKIDROW
2013-08-09 21:55 . 2013-08-09 21:55 -------- d-----w- c:\users\Łukasz\AppData\Roaming\Sports Interactive
2013-08-09 21:55 . 2013-08-09 21:55 -------- d-----w- c:\users\Łukasz\AppData\Local\Sports Interactive
2013-08-09 21:44 . 2013-08-09 21:49 -------- d-----w- c:\program files\Common Files\Steam
2013-08-09 21:33 . 2013-08-09 21:33 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-09 21:33 . 2013-08-09 21:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-08-07 21:04 . 2013-08-14 21:49 -------- d-----w- c:\windows\system32\MRT
2013-08-06 00:25 . 2013-08-06 00:25 -------- d-----w- c:\users\Łukasz\AppData\Roaming\AVG2013
2013-08-06 00:25 . 2013-08-06 00:25 -------- d-----w- c:\users\Łukasz\AppData\Roaming\TuneUp Software
2013-08-06 00:24 . 2013-08-06 00:25 -------- d-----w- c:\programdata\AVG2013
2013-08-06 00:24 . 2013-08-06 00:24 -------- d-----w- C:\$AVG
2013-08-06 00:24 . 2013-08-06 00:24 -------- d-----w- c:\program files\AVG
2013-08-06 00:22 . 2013-08-20 09:49 -------- d-----w- c:\programdata\MFAData
2013-08-06 00:22 . 2013-08-09 21:34 -------- d-----w- c:\users\Łukasz\AppData\Local\Avg2013
2013-08-06 00:22 . 2013-08-06 00:22 -------- d--h--w- c:\programdata\Common Files
2013-08-06 00:22 . 2013-08-06 00:22 -------- d-----w- c:\users\Łukasz\AppData\Local\MFAData
2013-08-05 23:37 . 2013-07-30 13:04 268968 ----a-w- c:\windows\system32\sqlite3.dll
2013-08-05 23:37 . 2013-08-05 23:43 -------- d-----w- c:\program files\Secure Speed Dial
2013-08-05 23:37 . 2013-08-05 23:37 -------- d-----w- c:\users\Łukasz\AppData\Roaming\IObit
2013-08-05 10:43 . 2013-08-18 01:23 -------- d-----w-kasz c:\users\UKASZ~2
2013-08-05 03:57 . 2013-08-05 03:57 -------- d-----w- c:\program files\uTorrent
2013-08-05 03:57 . 2013-08-20 10:14 -------- d-----w- c:\users\Łukasz\AppData\Roaming\uTorrent
2013-08-05 02:50 . 2013-08-05 02:50 -------- d-sh--w- c:\programdata\DSS
2013-08-05 02:34 . 2013-08-05 04:03 -------- d-----w- c:\users\Łukasz\AppData\Roaming\Origin
2013-08-05 02:33 . 2013-08-05 04:03 -------- d-----w- c:\programdata\Origin
2013-08-05 00:57 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2013-08-05 00:57 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2013-08-05 00:57 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2013-08-05 00:57 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-08-05 00:57 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-08-05 00:56 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-08-05 00:23 . 2013-08-05 00:23 -------- d-----w- c:\programdata\Logs
2013-08-04 23:55 . 2013-08-04 23:55 -------- d-----w- c:\users\Łukasz\AppData\Local\Downloaded Installations
2013-08-02 19:51 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1415EB41-6FE7-4F22-82DE-E0CE61E4574B}\mpengine.dll
2013-07-30 22:21 . 2013-08-02 17:32 -------- d-----w- c:\program files\Google
2013-07-30 22:21 . 2013-07-30 22:21 -------- d-----w- c:\users\Łukasz\AppData\Local\Deployment
2013-07-30 22:21 . 2013-07-30 22:21 -------- d-----w- c:\users\Łukasz\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-09 09:08 . 2013-02-15 09:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 09:08 . 2013-02-15 09:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-19 23:51 . 2013-07-19 23:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2013-07-19 23:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2013-07-19 23:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2013-07-19 23:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-09 23:32 . 2013-07-09 23:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-05 01:58 . 2013-07-05 01:58 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-05 01:58 . 2013-07-05 01:58 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-05 01:58 . 2013-07-05 01:58 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-05 01:57 . 2013-07-05 01:57 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-05 01:57 . 2013-07-05 01:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-05 01:57 . 2013-07-05 01:57 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-05 01:57 . 2013-07-05 01:57 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-05 01:57 . 2013-07-05 01:57 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-05 01:57 . 2013-07-05 01:57 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-05 01:57 . 2013-07-05 01:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-05 01:57 . 2013-07-05 01:57 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-05 01:57 . 2013-07-05 01:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-05 01:57 . 2013-07-05 01:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-05 01:57 . 2013-07-05 01:57 361984 ----a-w- c:\windows\system32\html.iec
2013-07-05 01:57 . 2013-07-05 01:57 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-05 01:57 . 2013-07-05 01:57 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-05 01:57 . 2013-07-05 01:57 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-05 01:57 . 2013-07-05 01:57 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-07-05 01:51 . 2013-07-05 01:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-05 01:51 . 2013-07-05 01:51 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-05 01:51 . 2013-07-05 01:51 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-05 01:51 . 2013-07-05 01:51 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-05 01:51 . 2013-07-05 01:51 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-05 01:51 . 2013-07-05 01:51 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-05 01:51 . 2013-07-05 01:51 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-05 01:51 . 2013-07-05 01:51 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-05 01:51 . 2013-07-05 01:51 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-05 01:51 . 2013-07-05 01:51 207872 ----a-w- c:\windows\system32\WindowsCodec***t.dll
2013-07-05 01:51 . 2013-07-05 01:51 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-05 01:51 . 2013-07-05 01:51 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-05 01:51 . 2013-07-05 01:51 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-05 01:51 . 2013-07-05 01:51 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-05 01:51 . 2013-07-05 01:51 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-05 01:51 . 2013-07-05 01:51 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-05 01:22 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-07-04 22:47 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-30 23:45 . 2013-06-30 23:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-05 03:05 . 2013-07-11 16:01 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 16:01 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-08-05 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-08-01 13:13 3673696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-08-09 14:21 177472 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-08-09 14:21 142656 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-08-09 14:21 177984 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 02:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-08-05 03:57 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-05 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-19 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-19 246072]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-07-09 39224]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-19 171320]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-09 243128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
S2 WebCakeUpdater;WebCakeUpdater;c:\program files\Tepfel\WebCakeDesktop.Updater.exe [2013-08-10 51992]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 09:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\2r8i9l91.default\
FF - ExtSQL: 2013-06-23 22:28; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\2r8i9l91.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-30 10:44; [email protected]; c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\2r8i9l91.default\extensions\[email protected]
FF - ExtSQL: 2013-08-06 01:37; [email protected]; c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\2r8i9l91.default\extensions\[email protected]
FF - ExtSQL: 2013-08-16 01:45; [email protected]; c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\2r8i9l91.default\extensions\[email protected]
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-08-20 12:24:16
ComboFix-quarantined-files.txt 2013-08-20 10:24
.
Przed: 30*445*838*336 bajtów wolnych
Po: 30*398*271*488 bajtów wolnych
.
- - End Of File - - 84AF9C65E0DED7FA745EAC4F350E8775
1F998BE06DC960CE70B919FFF503E98C
 
Do góry Bottom