Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
HijackThis i Combo proszę o sprawdzenie
19 Cze 2009, 11:00
proszę niech mi ktoś sprawdzi ten log wyskakują mi takie błędy jak na screenie czasem pojedynczo a czasem jeszcze inne komp strasznie zamula
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:28, on 2009-06-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\winlogon.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Opera\opera.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe C:\RECYCLER\Internet.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://www.bochnia.pl/push04.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
--
End of file - 7043 bytes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ComboFix 09-06-18.02 - Paweł 2009-06-19 11:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.186 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
* Rezydentny antywirus jest aktywny
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\0040B28F.bin
c:\program files\myglobalsearch\bar\Cache\0040B56E.bin
c:\program files\myglobalsearch\bar\Cache\0040C29D.bin
c:\program files\myglobalsearch\bar\Cache\0046FE51
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows\system32\_000007_.tmp.dll
c:\windows\winlogon.exe
----- BITS: Możliwe zainfekowane strony -----
hxxp://www.hhdsoftware.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-19 do 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 08:50 . 2009-06-19 08:50 -------- d-----w- c:\program files\Trend Micro
2009-06-17 18:14 . 2009-06-17 18:15 -------- d-----w- c:\program files\Nowy folder
2009-06-16 09:20 . 2009-06-16 09:21 -------- d-----w- c:\program files\CCleaner
2009-06-14 22:03 . 2009-06-14 22:03 -------- d-----w- c:\program files\MyPortal
2009-06-12 15:37 . 2006-07-04 15:17 53921 ----a-w- c:\windows\system32\drivers\hid7906.sys
2009-06-12 15:29 . 2009-06-15 04:50 -------- d-----w- c:\documents and settings\Pawe
2009-06-12 15:29 . 2009-06-12 15:29 -------- d-----w- c:\documents and settings\Pawe\Dane aplikacji
2009-06-04 11:25 . 2009-06-12 17:23 -------- d-sh--w- C:\found.001
2009-06-01 14:24 . 2009-06-01 14:24 -------- d-----w- c:\program files\Microsoft WSE
2009-05-28 19:09 . 2009-06-13 11:52 -------- d-----w- c:\program files\Mousotron
2009-05-28 15:19 . 2009-06-13 11:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NFS Underground
2009-05-27 14:29 . 2009-05-27 14:29 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-27 14:29 . 2009-06-13 11:52 -------- d-----w- c:\program files\Hamachi
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 20:28 . 2009-02-10 19:36 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-06-15 19:52 . 2008-08-17 12:36 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-15 19:49 . 2008-08-17 12:36 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-13 11:58 . 2008-02-27 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 11:56 . 2009-02-02 20:15 -------- d-----w- c:\program files\DivX
2009-06-13 11:56 . 2009-05-09 13:40 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-06-13 11:54 . 2008-02-28 13:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-16 17:02 . 2009-05-16 17:02 -------- d-----w- c:\program files\Roxio
2009-05-11 16:07 . 2009-05-11 16:07 14 ----a-w- c:\windows\popcinfot.dat
2009-05-04 13:24 . 2009-05-04 13:23 -------- d-----w- c:\program files\Google
2009-05-03 08:23 . 2009-05-03 08:15 -------- d-----w- c:\program files\4Musics MP3 Bitrate Changer
2009-05-02 22:22 . 2009-05-02 22:22 -------- d-----w- c:\program files\Illustrate
2009-05-02 22:22 . 2009-05-02 22:22 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-05-02 21:09 . 2009-05-02 21:09 -------- d-----w- c:\program files\Common Files\Xing Shared
2009-05-02 21:09 . 2009-05-02 21:09 -------- d-----w- c:\program files\Xing
2009-05-02 19:27 . 2009-05-02 11:32 -------- d-----w- c:\program files\AnMing
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-27 15:21 . 2008-12-30 16:25 -------- d-----w- c:\program files\QuickTime
2009-04-27 15:20 . 2008-12-30 16:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-04-27 14:32 . 2008-07-23 12:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2009-04-27 14:32 . 2009-02-28 16:47 -------- d-----w- c:\program files\Common Files\Nero
2009-04-25 17:24 . 2009-03-26 22:42 -------- d-----w- c:\program files\Activision
2009-03-29 11:48 . 2003-04-16 12:00 461370 ----a-w- c:\windows\system32\perfh015.dat
2009-03-29 11:48 . 2003-04-16 12:00 80664 ----a-w- c:\windows\system32\perfc015.dat
2009-03-26 17:37 . 2008-08-17 12:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SpeedX"="c:\progra~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-27 921600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
c:\documents and settings\Pawe\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2008-2-29 262144]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6"
[HKLM\~\startupfolder\C:^Documents and Settings^Paweł^Menu Start^Programy^Autostart^Super internet TV Updater.exe]
path=c:\documents and settings\Paweł\Menu Start\Programy\Autostart\Super internet TV Updater.exe
backup=c:\windows\pss\Super internet TV Updater.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\PacSteamT\\SteamApps\\common\\zuma deluxe\\Zuma.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"d:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-03-11 78848]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2009-05-03 42880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-05-03 16512]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\PAWE~1\USTAWI~1\Temp\ewdmaudn.sys --> c:\docume~1\PAWE~1\USTAWI~1\Temp\ewdmaudn.sys [?]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2009-06-12 53921]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://www.bochnia.pl/push04.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath -
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 11:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1972579041-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f7,9b,14,e9,72,0e,f9,05,10,9f,df,85,e7,6a,f4,08,14,e6,3d,06,3a,22,c8,
92,34,71,43,89,0b,e5,11,57,7b,bc,48,fd,af,b2,c9,31,f4,0a,1d,c4,39,6b,3e,a6,\
"??"=hex:5f,97,28,fc,56,77,7a,6a,1e,27,8f,ff,2c,db,1a,aa
[HKEY_USERS\S-1-5-21-1220945662-1972579041-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,7b,db,08,64,6f,4c,c0,bf,55,d9,69,20,0c,8b,88,03,8d,91,cd,e4,
91,c6,6f,c9,e7,8b,3b,b5,73,b8,fd,19,f0,de,56,b4,25,0d,33,ca,d4,95,a9,e0,f4,\
"rkeysecu"=hex:77,2c,b4,d3,40,d2,fc,8b,ac,0c,12,3b,02,16,12,24
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Czas ukończenia: 2009-06-19 11:25
ComboFix-quarantined-files.txt 2009-06-19 09:25
Przed: 5 384 003 584 bajtów wolnych
Po: 6 203 518 976 bajtów wolnych
186 --- E O F --- 2008-06-29 19:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:28, on 2009-06-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\winlogon.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Opera\opera.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe C:\RECYCLER\Internet.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://www.bochnia.pl/push04.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
--
End of file - 7043 bytes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ComboFix 09-06-18.02 - Paweł 2009-06-19 11:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.186 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
* Rezydentny antywirus jest aktywny
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\0040B28F.bin
c:\program files\myglobalsearch\bar\Cache\0040B56E.bin
c:\program files\myglobalsearch\bar\Cache\0040C29D.bin
c:\program files\myglobalsearch\bar\Cache\0046FE51
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows\system32\_000007_.tmp.dll
c:\windows\winlogon.exe
----- BITS: Możliwe zainfekowane strony -----
hxxp://www.hhdsoftware.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-19 do 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 08:50 . 2009-06-19 08:50 -------- d-----w- c:\program files\Trend Micro
2009-06-17 18:14 . 2009-06-17 18:15 -------- d-----w- c:\program files\Nowy folder
2009-06-16 09:20 . 2009-06-16 09:21 -------- d-----w- c:\program files\CCleaner
2009-06-14 22:03 . 2009-06-14 22:03 -------- d-----w- c:\program files\MyPortal
2009-06-12 15:37 . 2006-07-04 15:17 53921 ----a-w- c:\windows\system32\drivers\hid7906.sys
2009-06-12 15:29 . 2009-06-15 04:50 -------- d-----w- c:\documents and settings\Pawe
2009-06-12 15:29 . 2009-06-12 15:29 -------- d-----w- c:\documents and settings\Pawe\Dane aplikacji
2009-06-04 11:25 . 2009-06-12 17:23 -------- d-sh--w- C:\found.001
2009-06-01 14:24 . 2009-06-01 14:24 -------- d-----w- c:\program files\Microsoft WSE
2009-05-28 19:09 . 2009-06-13 11:52 -------- d-----w- c:\program files\Mousotron
2009-05-28 15:19 . 2009-06-13 11:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NFS Underground
2009-05-27 14:29 . 2009-05-27 14:29 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-27 14:29 . 2009-06-13 11:52 -------- d-----w- c:\program files\Hamachi
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 20:28 . 2009-02-10 19:36 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-06-15 19:52 . 2008-08-17 12:36 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-15 19:49 . 2008-08-17 12:36 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-13 11:58 . 2008-02-27 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 11:56 . 2009-02-02 20:15 -------- d-----w- c:\program files\DivX
2009-06-13 11:56 . 2009-05-09 13:40 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-06-13 11:54 . 2008-02-28 13:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-16 17:02 . 2009-05-16 17:02 -------- d-----w- c:\program files\Roxio
2009-05-11 16:07 . 2009-05-11 16:07 14 ----a-w- c:\windows\popcinfot.dat
2009-05-04 13:24 . 2009-05-04 13:23 -------- d-----w- c:\program files\Google
2009-05-03 08:23 . 2009-05-03 08:15 -------- d-----w- c:\program files\4Musics MP3 Bitrate Changer
2009-05-02 22:22 . 2009-05-02 22:22 -------- d-----w- c:\program files\Illustrate
2009-05-02 22:22 . 2009-05-02 22:22 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-05-02 21:09 . 2009-05-02 21:09 -------- d-----w- c:\program files\Common Files\Xing Shared
2009-05-02 21:09 . 2009-05-02 21:09 -------- d-----w- c:\program files\Xing
2009-05-02 19:27 . 2009-05-02 11:32 -------- d-----w- c:\program files\AnMing
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-27 15:21 . 2008-12-30 16:25 -------- d-----w- c:\program files\QuickTime
2009-04-27 15:20 . 2008-12-30 16:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-04-27 14:32 . 2008-07-23 12:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2009-04-27 14:32 . 2009-02-28 16:47 -------- d-----w- c:\program files\Common Files\Nero
2009-04-25 17:24 . 2009-03-26 22:42 -------- d-----w- c:\program files\Activision
2009-03-29 11:48 . 2003-04-16 12:00 461370 ----a-w- c:\windows\system32\perfh015.dat
2009-03-29 11:48 . 2003-04-16 12:00 80664 ----a-w- c:\windows\system32\perfc015.dat
2009-03-26 17:37 . 2008-08-17 12:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SpeedX"="c:\progra~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-27 921600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
c:\documents and settings\Pawe\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2008-2-29 262144]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6"
[HKLM\~\startupfolder\C:^Documents and Settings^Paweł^Menu Start^Programy^Autostart^Super internet TV Updater.exe]
path=c:\documents and settings\Paweł\Menu Start\Programy\Autostart\Super internet TV Updater.exe
backup=c:\windows\pss\Super internet TV Updater.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\PacSteamT\\SteamApps\\common\\zuma deluxe\\Zuma.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"d:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-03-11 78848]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2009-05-03 42880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-05-03 16512]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\PAWE~1\USTAWI~1\Temp\ewdmaudn.sys --> c:\docume~1\PAWE~1\USTAWI~1\Temp\ewdmaudn.sys [?]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2009-06-12 53921]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://www.bochnia.pl/push04.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath -
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 11:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1972579041-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f7,9b,14,e9,72,0e,f9,05,10,9f,df,85,e7,6a,f4,08,14,e6,3d,06,3a,22,c8,
92,34,71,43,89,0b,e5,11,57,7b,bc,48,fd,af,b2,c9,31,f4,0a,1d,c4,39,6b,3e,a6,\
"??"=hex:5f,97,28,fc,56,77,7a,6a,1e,27,8f,ff,2c,db,1a,aa
[HKEY_USERS\S-1-5-21-1220945662-1972579041-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,7b,db,08,64,6f,4c,c0,bf,55,d9,69,20,0c,8b,88,03,8d,91,cd,e4,
91,c6,6f,c9,e7,8b,3b,b5,73,b8,fd,19,f0,de,56,b4,25,0d,33,ca,d4,95,a9,e0,f4,\
"rkeysecu"=hex:77,2c,b4,d3,40,d2,fc,8b,ac,0c,12,3b,02,16,12,24
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Czas ukończenia: 2009-06-19 11:25
ComboFix-quarantined-files.txt 2009-06-19 09:25
Przed: 5 384 003 584 bajtów wolnych
Po: 6 203 518 976 bajtów wolnych
186 --- E O F --- 2008-06-29 19:26
Re: HijackThis i Combo proszę o sprawdzenie
19 Cze 2009, 14:33
Pobierz Malwarebytes' Anti-Malware Uruchom pełne skanowanie. Jeżeli coś znajdzie, to usuń. Następnie daj log na forum.
Przeskanuj system programem SDFix i daj raport z niego. Instrukcja
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html
Przeskanuj obszar całego systemu Dr.WEB CureIt!
Po tym daj nowy log z Combofixa.
Przeskanuj system programem SDFix i daj raport z niego. Instrukcja
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.htmlPrzeskanuj obszar całego systemu Dr.WEB CureIt!
Po tym daj nowy log z Combofixa.