Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Oczyszczacz komputera, IE sam sie zamyka, Firefox brak www
20 Cze 2008, 15:49
Witam,
niestety cos sie przyczepilo na dobre uniemozliwiajac prace na pc.
zalaczam logi z gory dziekujac za pomoc w rozwiazaniu problemu.
pozdrawiam
[code]ComboFix 08-06-19.2 - home 2008-06-20 10:13:18.1 - NTFSx86
ausgeführt von:: C:\rafal\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMb3562b65.xml
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdyoidex.ini
C:\WINDOWS\system32\cwqbfssw.dll
C:\WINDOWS\system32\EfMpAJlm.ini
C:\WINDOWS\system32\EfMpAJlm.ini2
C:\WINDOWS\system32\giirggqa.exe
C:\WINDOWS\system32\hbgxesxs.exe
C:\WINDOWS\system32\myudavnk.dll
C:\WINDOWS\system32\qqqjsywt.dll
C:\WINDOWS\system32\sooyxpcy.ini
C:\WINDOWS\system32\tuncynxt.exe
C:\WINDOWS\system32\xedioydc.dll
C:\WINDOWS\system32\yjrvvins.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_XPROTECTOR
-------\Service_NPF
-------\Service_XPROTECTOR
((((((((((((((((((((((( Dateien erstellt von 2008-05-20 bis 2008-06-20 ))))))))))))))))))))))))))))))
.
2008-06-17 20:54 . 2008-06-17 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\home\Anwendungsdaten\ipla
2008-06-17 20:54 . 2008-06-17 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ipla
2008-06-17 20:42 . 2003-08-29 00:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
2008-06-17 20:41 . 2008-06-19 22:42 <DIR> d-------- C:\Programme\IPLA
2008-06-05 15:42 . 2008-06-05 15:42 <DIR> d-------- C:\Programme\TomTom DesktopSuite
2008-06-05 13:47 . 2008-06-05 13:47 <DIR> d-------- C:\Programme\Trend Micro
2008-06-05 13:16 . 2008-06-05 13:16 <DIR> d-------- C:\Programme\CCleaner
2008-06-04 23:27 . 2008-06-04 23:37 <DIR> d-------- C:\Programme\CeRegEditor
2008-06-04 18:07 . 2008-06-04 18:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-04 18:05 . 2004-09-18 10:58 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-04 18:05 . 2008-06-04 18:05 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-04 17:58 . 2008-06-04 18:36 <DIR> d-------- C:\SDFix
2008-06-04 17:34 . 2008-06-04 17:37 <DIR> d-------- C:\Programme\Panda Security
2008-06-04 17:16 . 2008-06-04 17:16 <DIR> d-------- C:\Programme\Opera
2008-05-29 12:52 . 2008-05-29 12:52 <DIR> d-------- C:\Programme\MagicISO
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 05:58 --------- d-----w C:\Dokumente und Einstellungen\home\Anwendungsdaten\uTorrent
2008-06-06 14:08 --------- d-----w C:\Programme\Microsoft ActiveSync
2008-06-05 12:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-06-05 11:29 --------- d-----w C:\Programme\GetRight
2008-06-04 16:52 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-05-23 20:05 --------- d-----w C:\Programme\uTorrent
2008-05-21 10:37 --------- d-----w C:\Programme\Subdownloader
2008-05-07 20:00 --------- d-----w C:\Programme\MKVtoolnix
2008-05-07 13:38 --------- d-----w C:\Programme\OpenOffice.org1.1.4
2008-05-06 11:06 --------- d-----w C:\Programme\Burrrn
2007-11-04 22:00 28,528 ----a-w C:\Dokumente und Einstellungen\home\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-06-13 13:45 732 ---ha-w C:\Dokumente und Einstellungen\home\hpothb07.dat
2005-03-13 18:02 36 ----a-w C:\Dokumente und Einstellungen\home\klextlock.dat
2000-06-05 15:47 32,768 ----a-w C:\Programme\mozilla firefox\plugins\AppSub32.dll
2006-08-14 22:58 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2005-05-01 09:44 56 --sh--r C:\WINDOWS\system32\65B677F65A.sys
2007-03-11 20:48 13,198 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820D1A4F-36FC-49C1-B783-B0BBD58FBD9A}]
C:\WINDOWS\system32\mlJApMfE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 16:57 1289000]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-12-12 14:14 110592]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-12-12 14:14 618496]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 22:10 339968]
"emMON"="HCWemMON.exe" [2006-05-31 11:24 61440 C:\WINDOWS\HCWemMON.exe]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"b06518f9"="C:\WINDOWS\system32\ycpxyoos.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 00:57 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.dvsd"= pdvcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Tlen.pl\\tlen.exe"=
"C:\\Programme\\SJLabs\\SJphone\\SJphone.exe"=
"C:\\Programme\\BPFTP Server\\bpftpserver.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Programme\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"= C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"= C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programme\\Gadu-Gadu\\gg.exe"=
"C:\\Programme\\uTorrent\\uTorrent.exe"=
"C:\\Programme\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule_tcp
"4672:UDP"= 4672:UDP:emule_udp
"17173:TCP"= 17173:TCP:BitComet 17173 TCP
"17173:UDP"= 17173:UDP:BitComet 17173 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-06-26 10:45]
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2006-02-08 22:17]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 00:00]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-04-13 16:56]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-04-29 00:31]
S3 GC75CFlt;GC75 MCL Filter;C:\WINDOWS\system32\DRIVERS\gc75cflt.sys [2002-09-24 11:30]
S3 GvCOMM;GC75 Multi Channel Link;C:\WINDOWS\system32\DRIVERS\gvcomm.sys [2002-09-24 11:30]
S3 ulusba;NEC 616 Command Port Driver;C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-23 03:00]
S3 ulusbc;NEC 616 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-23 03:00]
S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-23 03:00]
S3 ulusbm;NEC 616 Modem Driver;C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-23 03:00]
S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-24 03:00]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-13 11:21]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-09-13 11:21]
S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-09-29 11:31]
S3 WlanUIB;NETGEAR 802.11b USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-09-29 11:31]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-03 00:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8354ce3-9d3c-11d9-be95-00042391c9ec}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Inhalt des "geplante Tasks" Ordners
"2006-09-12 15:05:13 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1147186029.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************[/code]
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [nofollow]http://www.gmer.net[/nofollow]
Rootkit scan 2008-06-20 10:22:34
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Eintr„ge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\ATKOSD.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-20 10:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 08:30:23
32 Verzeichnis(se), 2,280,312,832 Bytes frei
34 Verzeichnis(se), 2,286,755,840 Bytes frei
178 --- E O F --- 2007-10-10 02:02:08
------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:55, on 2008-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\Hcontrol.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\HCWemMON.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\ATKOSD.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hxxp://isa.omega.szn.pl:8080/wpad.dat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {820D1A4F-36FC-49C1-B783-B0BBD58FBD9A} - C:\WINDOWS\system32\mlJApMfE.dll (file missing)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [b06518f9] rundll32.exe "C:\WINDOWS\system32\ycpxyoos.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Download Flash Files - C:\PROGRA~1\Leesoft\FLASHH~1\save.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Programme\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Flash Hunter - {6163F81A-7F01-45E1-996C-EDCA4388941E} - C:\PROGRA~1\Leesoft\FLASHH~1\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Flash Hunter - {6163F81A-7F01-45E1-996C-EDCA4388941E} - C:\PROGRA~1\Leesoft\FLASHH~1\save.htm (HKCU)
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - hxxp://www.lemontv.pl/lmctrls.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - hxxp://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - hxxp://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - hxxp://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B76B7A1-E5DF-4DA4-9676-3E4FBD27EF65}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8374 bytes
[/code]
niestety cos sie przyczepilo na dobre uniemozliwiajac prace na pc.
zalaczam logi z gory dziekujac za pomoc w rozwiazaniu problemu.
pozdrawiam
[code]ComboFix 08-06-19.2 - home 2008-06-20 10:13:18.1 - NTFSx86
ausgeführt von:: C:\rafal\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMb3562b65.xml
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdyoidex.ini
C:\WINDOWS\system32\cwqbfssw.dll
C:\WINDOWS\system32\EfMpAJlm.ini
C:\WINDOWS\system32\EfMpAJlm.ini2
C:\WINDOWS\system32\giirggqa.exe
C:\WINDOWS\system32\hbgxesxs.exe
C:\WINDOWS\system32\myudavnk.dll
C:\WINDOWS\system32\qqqjsywt.dll
C:\WINDOWS\system32\sooyxpcy.ini
C:\WINDOWS\system32\tuncynxt.exe
C:\WINDOWS\system32\xedioydc.dll
C:\WINDOWS\system32\yjrvvins.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_XPROTECTOR
-------\Service_NPF
-------\Service_XPROTECTOR
((((((((((((((((((((((( Dateien erstellt von 2008-05-20 bis 2008-06-20 ))))))))))))))))))))))))))))))
.
2008-06-17 20:54 . 2008-06-17 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\home\Anwendungsdaten\ipla
2008-06-17 20:54 . 2008-06-17 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ipla
2008-06-17 20:42 . 2003-08-29 00:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
2008-06-17 20:41 . 2008-06-19 22:42 <DIR> d-------- C:\Programme\IPLA
2008-06-05 15:42 . 2008-06-05 15:42 <DIR> d-------- C:\Programme\TomTom DesktopSuite
2008-06-05 13:47 . 2008-06-05 13:47 <DIR> d-------- C:\Programme\Trend Micro
2008-06-05 13:16 . 2008-06-05 13:16 <DIR> d-------- C:\Programme\CCleaner
2008-06-04 23:27 . 2008-06-04 23:37 <DIR> d-------- C:\Programme\CeRegEditor
2008-06-04 18:07 . 2008-06-04 18:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-04 18:05 . 2004-09-18 10:58 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-04 18:05 . 2004-09-18 11:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-04 18:05 . 2008-06-04 18:05 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-04 17:58 . 2008-06-04 18:36 <DIR> d-------- C:\SDFix
2008-06-04 17:34 . 2008-06-04 17:37 <DIR> d-------- C:\Programme\Panda Security
2008-06-04 17:16 . 2008-06-04 17:16 <DIR> d-------- C:\Programme\Opera
2008-05-29 12:52 . 2008-05-29 12:52 <DIR> d-------- C:\Programme\MagicISO
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 05:58 --------- d-----w C:\Dokumente und Einstellungen\home\Anwendungsdaten\uTorrent
2008-06-06 14:08 --------- d-----w C:\Programme\Microsoft ActiveSync
2008-06-05 12:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-06-05 11:29 --------- d-----w C:\Programme\GetRight
2008-06-04 16:52 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-05-23 20:05 --------- d-----w C:\Programme\uTorrent
2008-05-21 10:37 --------- d-----w C:\Programme\Subdownloader
2008-05-07 20:00 --------- d-----w C:\Programme\MKVtoolnix
2008-05-07 13:38 --------- d-----w C:\Programme\OpenOffice.org1.1.4
2008-05-06 11:06 --------- d-----w C:\Programme\Burrrn
2007-11-04 22:00 28,528 ----a-w C:\Dokumente und Einstellungen\home\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-06-13 13:45 732 ---ha-w C:\Dokumente und Einstellungen\home\hpothb07.dat
2005-03-13 18:02 36 ----a-w C:\Dokumente und Einstellungen\home\klextlock.dat
2000-06-05 15:47 32,768 ----a-w C:\Programme\mozilla firefox\plugins\AppSub32.dll
2006-08-14 22:58 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2005-05-01 09:44 56 --sh--r C:\WINDOWS\system32\65B677F65A.sys
2007-03-11 20:48 13,198 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820D1A4F-36FC-49C1-B783-B0BBD58FBD9A}]
C:\WINDOWS\system32\mlJApMfE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 16:57 1289000]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-12-12 14:14 110592]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-12-12 14:14 618496]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 22:10 339968]
"emMON"="HCWemMON.exe" [2006-05-31 11:24 61440 C:\WINDOWS\HCWemMON.exe]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"b06518f9"="C:\WINDOWS\system32\ycpxyoos.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 00:57 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.dvsd"= pdvcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Tlen.pl\\tlen.exe"=
"C:\\Programme\\SJLabs\\SJphone\\SJphone.exe"=
"C:\\Programme\\BPFTP Server\\bpftpserver.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Programme\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"= C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"= C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programme\\Gadu-Gadu\\gg.exe"=
"C:\\Programme\\uTorrent\\uTorrent.exe"=
"C:\\Programme\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule_tcp
"4672:UDP"= 4672:UDP:emule_udp
"17173:TCP"= 17173:TCP:BitComet 17173 TCP
"17173:UDP"= 17173:UDP:BitComet 17173 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-06-26 10:45]
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2006-02-08 22:17]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 00:00]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-04-13 16:56]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-04-29 00:31]
S3 GC75CFlt;GC75 MCL Filter;C:\WINDOWS\system32\DRIVERS\gc75cflt.sys [2002-09-24 11:30]
S3 GvCOMM;GC75 Multi Channel Link;C:\WINDOWS\system32\DRIVERS\gvcomm.sys [2002-09-24 11:30]
S3 ulusba;NEC 616 Command Port Driver;C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-23 03:00]
S3 ulusbc;NEC 616 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-23 03:00]
S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-23 03:00]
S3 ulusbm;NEC 616 Modem Driver;C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-23 03:00]
S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-24 03:00]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-13 11:21]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-09-13 11:21]
S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-09-29 11:31]
S3 WlanUIB;NETGEAR 802.11b USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-09-29 11:31]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-03 00:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8354ce3-9d3c-11d9-be95-00042391c9ec}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Inhalt des "geplante Tasks" Ordners
"2006-09-12 15:05:13 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1147186029.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************[/code]
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [nofollow]http://www.gmer.net[/nofollow]
Rootkit scan 2008-06-20 10:22:34
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Eintr„ge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\ATKOSD.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-20 10:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 08:30:23
32 Verzeichnis(se), 2,280,312,832 Bytes frei
34 Verzeichnis(se), 2,286,755,840 Bytes frei
178 --- E O F --- 2007-10-10 02:02:08
------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:55, on 2008-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\Hcontrol.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\HCWemMON.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\ATKOSD.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hxxp://isa.omega.szn.pl:8080/wpad.dat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {820D1A4F-36FC-49C1-B783-B0BBD58FBD9A} - C:\WINDOWS\system32\mlJApMfE.dll (file missing)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [b06518f9] rundll32.exe "C:\WINDOWS\system32\ycpxyoos.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Download Flash Files - C:\PROGRA~1\Leesoft\FLASHH~1\save.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Programme\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Flash Hunter - {6163F81A-7F01-45E1-996C-EDCA4388941E} - C:\PROGRA~1\Leesoft\FLASHH~1\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Flash Hunter - {6163F81A-7F01-45E1-996C-EDCA4388941E} - C:\PROGRA~1\Leesoft\FLASHH~1\save.htm (HKCU)
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - hxxp://www.lemontv.pl/lmctrls.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - hxxp://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - hxxp://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - hxxp://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B76B7A1-E5DF-4DA4-9676-3E4FBD27EF65}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8374 bytes
[/code]
20 Cze 2008, 16:15
fix w hijackthis
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
[obrazek nie jest już dostępny]
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Logi dajesz na wklej.org a w poście dajesz tylko link
O2 - BHO: (no name) - {820D1A4F-36FC-49C1-B783-B0BBD58FBD9A} - C:\WINDOWS\system32\mlJApMfE.dll (file missing)
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [b06518f9] rundll32.exe "C:\WINDOWS\system32\ycpxyoos.dll",b
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\system32\ycpxyoos.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820D1A4F-36FC-49C1-B783-B0BBD58FBD9A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b06518f9"=-
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
[obrazek nie jest już dostępny]
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Logi dajesz na wklej.org a w poście dajesz tylko link
20 Cze 2008, 17:25
fix w hijackthis (...)
- przeprowadzone
(...)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę (...)
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
(...)
- [code]http://www.wklej.org/id/e1801e29bd[/code]
jest poprawa, firefox otwiera juz google, allegro itd.
niestety IE nadal kiedy chce sam sie zamyka.
dziekuje za zainteresowanie!
- przeprowadzone
(...)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę (...)
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
(...)
- [code]http://www.wklej.org/id/e1801e29bd[/code]
jest poprawa, firefox otwiera juz google, allegro itd.
niestety IE nadal kiedy chce sam sie zamyka.
dziekuje za zainteresowanie!
20 Cze 2008, 17:29
Log wyglada na czysty
usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.
Przeczyść komputer Ccleanerem
Wykonaj optymalizację autostartu
Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
lub
Dr.WEB CureIt!
usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.
Przeczyść komputer Ccleanerem
Wykonaj optymalizację autostartu
Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
lub
Dr.WEB CureIt!