#1
Hi,

Well, my mum downloaded something and the firewall came up with some messages. Somehow it got installed before she told me. So, scans are running now, that may take a while because it is a slow computer. I don't know what it's called though, it's all strange symbols and unreadable. Got a HijackThis log though, at least that one doesn't take long...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:31 PM, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\spybotsd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Documents and Settings\Vip\Desktop\HiJackThis.exe
C:\Program Files\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by administrator Kevin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Startup: AEO¶¯ÉËÙÍÁ¶¹.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ?QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) - http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) - http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 7692 bytes

_______________________________________________

Any help is appreciated. BTW, I can't find an icon that looks like "uninstall" to me, so there won't be an uninstall option...
__________________
HI:)
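To show what a helper actually scans for in a log like the one posted above, here is an added Python example (not code from this thread and not part of HijackThis itself). It parses HijackThis v2 entry lines into section, kind, name, CLSID and path, then flags the three things worth a second look first: registrations with no backing file, unnamed entries that still load a file, and startup links whose target is shown as "?". The sample lines are constructed in the shape of the log above; HijackThis prints CLSIDs in braces, which the forum rendering above turned into parentheses, so the parser accepts both. The flag names are my own.

```python
"""Parse HijackThis v2 entry lines and flag what a malware-removal helper checks first.

Added example for this thread; the log format is HijackThis v2's, the sample lines,
flag names and helper functions are constructed here and are not from the thread.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# HijackThis prints {CLSID}; the forum rendering above shows (CLSID), so accept both.
CLSID_RE = re.compile(r"[{(][0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}[})]")
# A file path starts at the first " - " followed by a drive letter or "(no file)";
# anchoring on that keeps names such as "Spybot - Search & Destroy" intact.
PATH_RE = re.compile(r" - (?P<path>(?:[A-Za-z]:\\|\(no file\)).*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<path>.*)$")

# Constructed sample in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - Startup: AEO.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
"""


@dataclass
class Entry:
    section: str            # "O2", "O4", "O23", ...
    kind: str               # "BHO", "HKLM\\..\\Run", "Startup", "Service", ...
    name: str
    path: str
    clsid: str = ""
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for one entry line, or None for headers and the process list."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:                          # R0/R1: "HKCU\...\Main,Start Page = http://..."
        kind, rest = "Registry", body
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else ""

    run_m = RUN_RE.match(rest)
    if section == "O4" and run_m:                                 # [name] path
        name, path = run_m.group("name"), run_m.group("path")
    elif " = " in rest and section in ("R0", "R1", "O4"):        # name = value
        name, path = rest.split(" = ", 1)
    else:
        path_m = PATH_RE.search(rest)
        if path_m:
            name_part, path = rest[:path_m.start()], path_m.group("path")
        else:                                                     # e.g. O16 DPF with a URL
            name_part, _, path = rest.rpartition(" - ")
        if clsid:
            name_part = name_part.replace(clsid, "")
        if kind == "Service":                                     # drop the vendor column
            name_part = name_part.rpartition(" - ")[0] or name_part
        name = name_part.strip(" -")
    return Entry(section, kind, name.strip(), path.strip(), clsid)


def triage(entry: Entry) -> Entry:
    """Attach defender-side flags to one entry (flag names are this example's own)."""
    if entry.path == "(no file)":
        entry.flags.append("orphaned registration")       # leftover key, nothing loads
    elif entry.name == "(no name)":
        entry.flags.append("unnamed entry loads a file")  # identify that file
    if entry.section == "O4" and entry.path == "?":
        entry.flags.append("startup link with unresolved target")
    return entry


def parse_log(text: str) -> list:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def summarize(text: str) -> dict:
    """Entry count, count per section, and the flagged entries of a whole log."""
    entries = parse_log(text)
    per_section: dict = {}
    for e in entries:
        per_section[e.section] = per_section.get(e.section, 0) + 1
    flagged = [(e.section, e.name, e.path, e.flags) for e in entries if e.flags]
    return {"entries": len(entries), "per_section": per_section, "flagged": flagged}


if __name__ == "__main__":
    for sec, name, path, flags in summarize(SAMPLE_LOG)["flagged"]:
        print(f"{sec:4} {name!r:40} {path!r:30} {', '.join(flags)}")
```

Run on the sample, the parser reports four entries to look at: the two "(no file)" registrations (the same two the ComboFix log later lists under orphans removed), the unnamed O9 button that does load a DLL, and the startup shortcut whose target HijackThis could not resolve, which is the unreadable-name item the original poster describes.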
#2
Okay. I left the scans running overnight, but SuperAntiSpyware kept closing and having problems... I have the MalwareBytes log here:

Malwarebytes' Anti-Malware 1.30
Database version: 1343
Windows 5.1.2600 Service Pack 3

1/11/2008 9:19:03 AM
mbam-log-2008-11-01 (09-19-03).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 190626
Time elapsed: 3 hour(s), 56 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\_005069_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_005101_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
#3
Hi

Carry on with the scans that are running, then follow the instructions below.

Download ComboFix from one of these locations: Link 1 Link 2 Link 3

*IMPORTANT! Save ComboFix.exe to your Desktop

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:

Click Yes to continue scanning for malware.

When finished, ComboFix will produce a log for you. Post C:\ComboFix.txt in your next reply along with the other logs.
#4
For some reason, ComboFix closed SuperAntiSpyware while it was scanning, so that is running again now. And avast! doesn't start by default anymore... I can open the program, but it isn't in the system tray thing anymore... And the program my mum downloaded is set to run at startup... Log here, anyway:

ComboFix 08-10-30.13 - Vip 2008-11-01 9:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [GMT 11:00]
Running from: C:\Documents and Settings\Vip\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Warcraft III\_desktop.ini
C:\WINDOWS\system32\_005058_.tmp.dll
C:\WINDOWS\system32\_005059_.tmp.dll
C:\WINDOWS\system32\_005060_.tmp.dll
C:\WINDOWS\system32\_005061_.tmp.dll
C:\WINDOWS\system32\_005068_.tmp.dll
C:\WINDOWS\system32\_005070_.tmp.dll
C:\WINDOWS\system32\_005071_.tmp.dll
C:\WINDOWS\system32\_005072_.tmp.dll
C:\WINDOWS\system32\_005073_.tmp.dll
C:\WINDOWS\system32\_005074_.tmp.dll
C:\WINDOWS\system32\_005075_.tmp.dll
C:\WINDOWS\system32\_005076_.tmp.dll
C:\WINDOWS\system32\_005077_.tmp.dll
C:\WINDOWS\system32\_005078_.tmp.dll
C:\WINDOWS\system32\_005079_.tmp.dll
C:\WINDOWS\system32\_005080_.tmp.dll
C:\WINDOWS\system32\_005081_.tmp.dll
C:\WINDOWS\system32\_005082_.tmp.dll
C:\WINDOWS\system32\_005084_.tmp.dll
C:\WINDOWS\system32\_005087_.tmp.dll
C:\WINDOWS\system32\_005088_.tmp.dll
C:\WINDOWS\system32\_005092_.tmp.dll
C:\WINDOWS\system32\_005093_.tmp.dll
C:\WINDOWS\system32\_005094_.tmp.dll
C:\WINDOWS\system32\_005095_.tmp.dll
C:\WINDOWS\system32\_005096_.tmp.dll
C:\WINDOWS\system32\_005097_.tmp.dll
C:\WINDOWS\system32\_005098_.tmp.dll
C:\WINDOWS\system32\_005099_.tmp.dll
C:\WINDOWS\system32\_005100_.tmp.dll
C:\WINDOWS\system32\_005102_.tmp.dll
C:\WINDOWS\system32\_005103_.tmp.dll
C:\WINDOWS\system32\_005104_.tmp.dll
C:\WINDOWS\system32\_005106_.tmp.dll
C:\WINDOWS\system32\_005107_.tmp.dll
C:\WINDOWS\system32\_005108_.tmp.dll
C:\WINDOWS\system32\_005109_.tmp.dll
C:\WINDOWS\system32\_005110_.tmp.dll
C:\WINDOWS\system32\_005111_.tmp.dll
C:\WINDOWS\system32\_005112_.tmp.dll
C:\WINDOWS\system32\_005115_.tmp.dll
C:\WINDOWS\system32\_005116_.tmp.dll
C:\WINDOWS\system32\_005117_.tmp.dll
C:\WINDOWS\system32\_005118_.tmp.dll
C:\WINDOWS\system32\_005119_.tmp.dll
C:\WINDOWS\system32\_005121_.tmp.dll
C:\WINDOWS\system32\_005122_.tmp.dll
C:\WINDOWS\system32\_005123_.tmp.dll
C:\WINDOWS\system32\_005125_.tmp.dll
C:\WINDOWS\system32\_005128_.tmp.dll
C:\WINDOWS\system32\_005129_.tmp.dll
C:\WINDOWS\system32\_005133_.tmp.dll
C:\WINDOWS\system32\_005134_.tmp.dll
C:\WINDOWS\system32\_005136_.tmp.dll
C:\WINDOWS\system32\_005137_.tmp.dll
C:\WINDOWS\system32\_005139_.tmp.dll
C:\WINDOWS\system32\_005141_.tmp.dll
C:\WINDOWS\system32\_005142_.tmp.dll
C:\WINDOWS\system32\_005143_.tmp.dll
C:\WINDOWS\system32\_005144_.tmp.dll
C:\WINDOWS\system32\_005147_.tmp.dll
C:\WINDOWS\system32\_005148_.tmp.dll
C:\WINDOWS\system32\_005149_.tmp.dll
C:\WINDOWS\system32\_005150_.tmp.dll
C:\WINDOWS\system32\_005151_.tmp.dll
C:\WINDOWS\system32\_005156_.tmp.dll
C:\WINDOWS\system32\_005158_.tmp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\SUPERAntiSpyware.com
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\Malwarebytes
2008-10-31 20:33 . 2008-10-31 20:33 <DIR> d-------- C:\Program Files\Tudou
2008-10-24 12:04 . 2008-10-16 03:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\Netapi32.dll
2008-10-15 20:43 . 2008-09-15 23:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:43 . 2008-09-08 21:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\Srv.sys
2008-10-15 20:42 . 2008-08-14 21:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:42 . 2008-08-14 21:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlmp.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\Ntkrpamp.exe
2008-09-18 19:05 . 2008-10-31 20:52 <DIR> d-------- C:\Program Files\Avast4
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d-----w C:\Program Files\Warcraft III
2008-10-31 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 09:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-22 05:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 06:46 --------- d-----w C:\Program Files\PPStream
2008-10-09 03:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-09 03:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-18 08:42 --------- d-----w C:\Documents and Settings\Vip\Application Data\Ahead
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\Srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2008-04-14 15360]

C:\Documents and Settings\Vip\Start Menu\Programs\Startup\
"Ôîú ÓëÖμôû.lnk - C:\Program Files\Tudou\ú ÓëTudou\TudouVa.exe [2008-07-06 3248128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Policies\Explorer]
"NoAutoUpdate"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\WINDOWS\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-10-09 14:31 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32]
"VIDC.I420"= i420vfw.dll
"aux"= ctwdm32.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\Azureus Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
backup=C:\WINDOWS\pss\Azureus Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\BitTorrent Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^eMule Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\eMule Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^LimeWire Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\LimeWire Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=C:\WINDOWS\pss\Registration Tom Clancy's Rainbow SixStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^SpeedFan.lnk]
backup=C:\WINDOWS\pss\SpeedFan.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Boss Key
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CmCardRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CursorXP
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\EasyTuneVPro
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\LogonStudio
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\RecordPadRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SpeedOptimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BgMonitor_(79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
--a------ 2006-04-21 18:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-11 01:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 12:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-29 00:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\RemoteControl]
--a------ 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 09:39 1271032 C:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2008-01-29 09:46 9442584 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-02 05:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 06:42 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\C-Media Mixer]
--a------ 2003-03-20 17:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"RichVideo"=2 (0x2)
"BthServ"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"VideoAcceleratorEngine"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"CPUCooLServer"=2 (0x2)
"usnjsvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"cmdAgent"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\\Sessmgr.exe"=
"C:\Program Files\\DAP\\DAP.exe"=
"C:\Program Files\\Messenger\\msmsgs.exe"=
"<NO NAME>"="C:\Program Files\\PPStream\\PPStream.exe"
"C:\Program Files\\PPStream\\PPStream.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\\UT2004\System\\UT2004.exe"=
"C:\Program Files\\DeusEx\\System\\DeusEx.exe"=
"C:\Program Files\\Tudou\\ÉËÙTudou\\TudouVa.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"15394:TCP"= 15394:TCP:*:Disabled:BitComet 15394 TCP
"15394:UDP"= 15394:UDP:*:Disabled:BitComet 15394 UDP
"6555:TCP"= 6555:TCP:*:Disabled:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:*:Disabled:BitComet 6555 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 ROCKEYNT;ROCKEYNT;C:\WINDOWS\system32\drivers\Rockeynt.sys [2005-01-04 18223]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 RTLWUSB;WG111v2 NETGEAR 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 167808]
S3 XDva042;XDva042;C:\WINDOWS\system32\XDva042.sys []

.
Contents of the 'Scheduled Tasks' folder

2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-10-25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-(0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file)
ShellIconOverlayIdentifiers-hex(2):7b,38,41,34,32,44,46,42,46,2d,37,38,36,38,2d,34,30,32,39,2d,39,35,38,\ - (no file)
ShellExecuteHooks-(E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA) - (no file)
MSConfigStartUp-COMODO Firewall Pro - C:\Program Files\COMODO\Firewall\cfp.exe
MSConfigStartUp-EzPrint - C:\Program Files\Lexmark 4300 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://hk.yahoo.com/
.

------- File Associations -------
.
txtfile=C:\WINDOWS\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 09:42:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-01 9:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 22:46:53

Pre-Run: 17476198400 bytes free
Post-Run: 17429176320 bytes free

WindowsXP-KB310994-SP2-Pro-Bootdisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=OptIn /fastdetect

335 --- EOF --- 2008-10-24 09:01:23

__________________________________________________
_________________________________________________

EDIT: I was clicking around and found an icon that looked like uninstall. I clicked it and it started uninstalling (or at least I hope that's what it was), since it was in strange symbols.
__________________
HI:)

#5
SuperAntiSpyware log. I had to do a quick scan, because I always got an error when I did a full scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2008 at 11:45

Zastosowanie Wersja: 4.21.1004

Core Zasady Database Version: 3618
Trace Rules Database Version: 1603

Scan type: Quick Scan
Total Scan Time: 00:35:28

Pamięć pozycji zeskanowane: 490
Pamięć zagrożeń wykrytych: 0
Rejestr pozycji zeskanowane: 436
Rejestr zagrożeń wykrytych: 0
Plik przedmioty zeskanowane: 33788
Plik wykrycia zagrożenia: 2

Trojan.Vundo-Wariant/F
C:\WINDOWS\SYSTEM32\AZIPCONTMN.DLL
C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL

__________________
HI:)

#6
Hi again

Please do not click on anything or run any more scans unless I advise you to. It makes things confusing for me - I see an entry in one log but it's gone from the next, and so on - thanks.

I suspect the problem is C:\Program Files\Tudou, unless mum is a fan of the Chinese version of YouTube.

I'd like to take a look at those two files found by SAS. Please go to: VirusTotal

C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL

Combofix

Code:
Folder::
C:\Program Files\Tudou

Save it as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript onto ComboFix.exe. When finished, it will produce a log for you at "C:\ComboFix.txt".

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NOTE! Anyone else thinking of using the above script does so at their own risk - it could lead to having to reinstall Windows!

Please post the C:\ComboFix.txt log, the VirusTotal results and a new HijackThis log for further assessment.

#7
Yeah, my mum watches some Chinese movies... I couldn't find them when browsing for the files in VirusTotal. I even went looking for them in Explorer, and couldn't find either of them.

Here are the logs:

ComboFix:

ComboFix 08-11-01.01 - Vip 2008-11-02 10:36:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [GMT 11:00]
Uruchamianie z: C:\Documents and Settings\Vip\Desktop\ComboFix.exe
Polecenie używane polecenia: C:\Documents and Settings\Vip\Desktop\CFScript.txt
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Inne Skreślenia )))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Tudou

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-11-01 09:55 . 2008-11-01 09:55 <DIR> d-------- C:\Documents and Settings\Vip\Dane aplikacji\Uniblue
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Dane aplikacji\SUPERAntiSpyware.com
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Dane aplikacji\Malwarebytes
2008-10-24 12:04 . 2008-10-16 03:34 337.408 -----c--- C:\WINDOWS\system32\dllcache\Netapi32.dll
2008-10-15 20:43 . 2008-09-15 23:12 1.846.400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:43 . 2008-09-08 21:41 333.824 -----c--- C:\WINDOWS\system32\dllcache\Srv.sys
2008-10-15 20:42 . 2008-08-14 21:11 2.189.184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:42 . 2008-08-14 21:09 2.145.280 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlmp.exe
2008-10-15 20:42 . 2008-08-14 20:33 2.066.048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:42 . 2008-08-14 20:33 2.023.936 -----c--- C:\WINDOWS\system32\dllcache\Ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d-----w C:\Program Files\Warcraft III
2008-10-31 22:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-10-31 09:52 --------- d-----w C:\Program Files\Avast4
2008-10-31 09:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d---aw C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-22 05:10 38.496 ----aw C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15.504 ----aw C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 06:46 --------- d-----w C:\Program Files\PPStream
2008-10-09 03:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-09 03:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-18 08:42 --------- d-----w C:\Documents and Settings\Vip\Dane aplikacji\Ahead
2008-09-15 12:12 1.846.400 ----aw C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333.824 ----aw C:\WINDOWS\system32\drivers\Srv.sys
2008-08-28 07:46 74.752 ----aw C:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:46 104.960 ----aw C:\WINDOWS\system32\Win32spl.dll
2008-08-26 07:24 826.368 ----aw C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2.189.184 ----aw C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2.066.048 ----aw C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-29 12:05 32.768 -sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008072920080730\index.dat
.

((((((((((((((((((((((((((((( Snapshot @ 2008-11-01_ 9.46.14.14 ))))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-31 22:41:26 16.384 ----ATW C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
+ 2008-11-01 23:26:02 16.384 ----ATW C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy & legit domyślne wpisy nie są wyświetlane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast"="C:\Program Files\Avast4\ashDisp.exe" [2008-07-20 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Policies\Explorer]
"NoAutoUpdate"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\WINDOWS\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-10-09 14:31 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32]
"VIDC.I420"= i420vfw.dll
"aux"= ctwdm32.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon startowy

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon startowy

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon startowy

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^Azureus Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\Azureus Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^Azureus Ultra Accelerator.lnk]
backup=C:\WINDOWS\pss\Azureus Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^BitTorrent Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\BitTorrent Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^eMule Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\eMule Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^LimeWire Na Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire Na Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^LimeWire Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\LimeWire Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^PowerReg Harmonogram V3.exe]
backup=C:\WINDOWS\pss\PowerReg Harmonogram V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^Rejestracja Tom Clancy's Rainbow Six]
backup=C:\WINDOWS\pss\Registration Tom Clancy's Rainbow SixStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^SpeedFan.lnk]
backup=C:\WINDOWS\pss\SpeedFan.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^Thoosje Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programy^Autostart^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Boss Key
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CmCardRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CursorXP
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\EasyTuneVPro
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\LogonStudio
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\RecordPadRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SpeedOptimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Adobe Photo Downloader]
-a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BgMonitor_(79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
-a------ 2006-04-21 18:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\DAEMON Tools]
-a------ 2005-12-11 01:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\LanguageShortcut]
-a------ 2006-04-13 12:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\QuickTime Task]
-a------ 2008-03-29 00:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\RemoteControl]
-a------ 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Steam]
-a------ 2008-03-29 09:39 1271032 C:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Uniblue RegistryBooster 2]
-a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
-a------ 2008-01-29 09:46 9442584 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\WinampAgent]
-a------ 2008-04-02 05:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BluetoothAuthenticationAgent]
-a------ 2008-04-14 06:42 110592 C:\WINDOWS\system32\polecenie bthprops.cpl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\C-Media Mixer]
-a------ 2003-03-20 17:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"RichVideo"=2 (0x2)
"BthServ"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"VideoAcceleratorEngine"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"CPUCooLServer"=2 (0x2)
"usnjsvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"cmdAgent"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\Sessmgr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"<NO Nazwa"="C:\\Program Files\\PPStream\\PPStream.exe"
"C:\\Program Files\\PPStream\\PPStream.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\DeusEx\\System\\DeusEx.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@Xpsp2res.dll,-22009
"15394:TCP"= 15394:TCP:*:Disabled:BitComet 15394 TCP
"15394:UDP"= 15394:UDP:*:Disabled:BitComet 15394 UDP
"6555:TCP"= 6555:TCP:*:Disabled:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:*:Disabled:BitComet 6555 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 ROCKEYNT;ROCKEYNT;C:\WINDOWS\system32\drivers\Rockeynt.sys [2005-01-04 18223]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 RTLWUSB;WG111v2 NETGEAR 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 167808]
S3 XDva042;XDva042;C:\WINDOWS\system32\XDva042.sys []

.
Zawartość programu "Zaplanowane zadania" folder

2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-10-25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - Rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:39:31
Windows 5.1.2600 Service Pack 3 dla systemu plików NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych autostart entries ...
skanowanie ukrytych plików ...

skanowanie zakończone pomyślnie
ukryte pliki: 0

**************************************************************************
.
Zakończenie czas: 2008-11-02 10:41:44
ComboFix-kwarantannę-files.txt 2008-11-01 23:41:32
ComboFix2.txt 2008-10-31 22:47:05

Pre-Run: 17222828032 bytes wolny
Post-Run: 17200967680 bytes wolny

233 --- EOF --- 2008-10-24 09:01:23

__________________________________________________

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Skanowanie zapisany na 10:50:19, na 2/11/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Uruchamianie procesów:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Vip\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download i Zapis Plugin dla programu Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime-Delay
O4 - HKLM\..\Run: [avast] C:\Program Files\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O8 - Dodatkowe menu kontekstowego pozycję: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Dodatkowe menu kontekstowego pozycję: Pobierz z & & DAP - C:\Program Files\DAP\dapextie.htm
O8 - Dodatkowe menu kontekstowego pozycję: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra kontekście menu: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem:? QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) - http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) - http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 6734 bytes
__________________
HI:)

#8
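A small triage script for the HijackThis log format posted above, added here as an example (it is not the thread's code, nor HijackThis's own): it parses the Rxx/Oxx entry lines, then flags "(no file)" orphans, CLSID entries with no name, and autostarts whose target sits outside the usual program directories, which is what a helper reads such a log for. The sample log is constructed from lines in the thread plus one made-up O4 entry pointing into the user's Temp folder; TRUSTED_PREFIXES is an assumption for this XP box.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Entry lines start with the HijackThis section code (R0, R1, O2, O4, O9,
# O16, O20, O23, ...) followed by " - "; header and process-list lines do not.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# HijackThis writes CLSIDs in braces; scraped copies (like the one above)
# often show parentheses instead, so accept both.
CLSID_RE = re.compile(
    r"[{(]([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})[})]")

# Assumed: where persistence on this XP box is expected. A target elsewhere
# is a triage flag for the helper, not a verdict.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
LOCATION_CHECKED = {"O2", "O4", "O20", "O23"}


@dataclass
class Entry:
    code: str
    target: str                        # file path, URL, or "(no file)"
    clsid: str | None = None
    flags: list[str] = field(default_factory=list)
    raw: str = ""


def _o4_target(body: str) -> str:
    """HKLM\\..\\Run: [Name] "C:\\x\\y.exe" args  ->  C:\\x\\y.exe"""
    rest = body.partition("] ")[2].strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    # Unquoted: the path runs up to the "(User '...')" suffix, when present.
    return rest.split(" (User ", 1)[0].strip()


def parse_entry(line: str) -> Entry | None:
    """Return an Entry for an Rxx/Oxx line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    cm = CLSID_RE.search(body)
    entry = Entry(code=code, target="", raw=line.strip(),
                  clsid=cm.group(1).upper() if cm else None)
    # Every entry type other than O4 ends with " - <path or URL>".
    entry.target = (_o4_target(body) if code == "O4"
                    else body.rsplit(" - ", 1)[-1].strip())
    if entry.target == "(no file)":
        entry.flags.append("orphan")          # registry points at a missing file
    if entry.clsid and "(no name)" in body:
        entry.flags.append("unnamed-clsid")   # COM object with no friendly name
    is_path = len(entry.target) > 2 and entry.target[1] == ":"
    if (code in LOCATION_CHECKED and is_path
            and not entry.target.lower().startswith(TRUSTED_PREFIXES)):
        entry.flags.append("unusual-location")
    return entry


def triage(log_text: str) -> list[Entry]:
    return [e for e in map(parse_entry, log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> dict[str, list[str]]:
    """Map each flag to the raw log lines that raised it."""
    report: dict[str, list[str]] = {}
    for e in triage(log_text):
        for f in e.flags:
            report.setdefault(f, []).append(e.raw)
    return report


# Constructed sample: lines copied from the log posted above plus one made-up
# O4 entry (sysupd.exe in the user's Temp folder) to exercise the location check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime-Delay
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [sysupd] C:\Documents and Settings\Vip\Local Settings\Temp\sysupd.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
"""
```

`flagged(SAMPLE_LOG)` returns the three flags with the one orphaned, unnamed BHO and the made-up Temp-folder autostart as their evidence lines; everything else in the sample passes silently.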
Hi

Neither of those files was found by ComboFix, so I don't really expect them to be there. How is the system running now?

Let's run an online scan. Please run an online scan with Panda ActiveScan

#9
Well, it didn't say attach in red, so I thought I would attach it. Don't know what the difference is between attaching and copy/pasting, apart from having already posted it... The Panda ActiveScan found a few things, but could only disinfect one, a worm, because for the others it said you had to buy it.

__________________
HI:)

#10
Hi again

Sorry for not getting back to you sooner - real life is rather busy at the moment. How is the system running now?

The only thing left is PowerRegScheduler - you can remove it if you want.