so here is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:07, on 2008-04-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
E:\programy\TuneUpUtilities\WinStylerThemeSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINNT\Explorer.EXE
E:\programy\Ad-Aware SE Personal\aawservice.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINNT\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\UAService7.exe
C:\WINNT\System32\alg.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\ATK0100\HControl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINNT\vsnp2std.exe
C:\WINNT\RTHDCPL.EXE
E:\programy\ZoneAlarm\zlclient.exe
E:\programy\steganos\SteganosHotKeyService.exe
E:\programy\steganos\fredirstarter.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINNT\ATK0100\ATKOSD.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Apoint2K\Apntex.exe
E:\programy\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\programy\Tlen.pl\tlen.exe
D:\Angels Online\angel.dat
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\system32\CF17675.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\programy\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINNT\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\programy\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\programy\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6581CA58-14D5-42BC-B10C-567560C6F464}: NameServer = 192.168.1.4,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\programy\Ad-Aware SE Personal\aawservice.exe
O23 - Service: Usługa konfiguracji ASUS (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\programy\TuneUpUtilities\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINNT\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 6933 bytes
EDIT
and the one from combofix
ComboFix 08-04-22.5 - rozpruwacz 2008-04-25 14:21:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.761 [GMT 2:00]
Running from: E:\laptop\programy\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
E:\programy\TuneUpUtilities\WinStylerThemeHelper.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-25 14:29 . 2008-04-25 14:29 <DIR> d-------- C:\WINNT\system32\xircom
2008-04-25 14:29 . 2008-04-25 14:29 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-04-25 14:16 . 2008-04-25 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 13:46 . 2008-02-22 02:33 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-04-25 13:44 . 2008-04-25 13:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-25 02:26 . 2008-04-25 02:26 <DIR> d-------- C:\Program Files\HyCam2
2008-04-18 16:49 . 2008-04-25 13:46 <DIR> d-------- C:\Program Files\Java
2008-04-17 23:46 . 2008-04-17 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\POPWWPROFILES
2008-04-11 22:54 . 2008-04-11 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
2008-04-11 22:51 . 2008-04-11 22:51 <DIR> d-------- C:\Documents and Settings\rozpruwacz\Dane aplikacji\GameHouse
2008-04-11 16:07 . 2008-04-23 18:46 <DIR> d-------- C:\Tlen_pliki
2008-04-06 16:52 . 2008-04-06 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-04-06 16:51 . 2008-04-06 16:51 <DIR> d-------- C:\Program Files\Reallusion
2008-04-06 16:51 . 2007-05-23 18:28 5,627,904 --a------ C:\WINNT\system32\RLVirDev.ocx
2008-04-06 16:51 . 2006-05-16 11:58 73,728 --a------ C:\WINNT\system32\ISUSPM.cpl
2008-04-05 00:08 . 2008-04-05 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-04 22:39 . 2008-04-04 22:39 <DIR> d-------- C:\WINNT\Downloaded Installations
2008-04-04 00:38 . 2008-04-04 00:50 <DIR> d-------- C:\Documents and Settings\rozpruwacz\Dane aplikacji\Steganos
2008-04-04 00:37 . 2008-04-04 00:40 <DIR> d-------- C:\Program Files\Steganos Safe Professional 2006 Admin
2008-04-04 00:16 . 2008-04-04 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-04-04 00:15 . 2008-04-04 00:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-02 16:38 . 2004-08-04 00:44 21,504 --a------ C:\WINNT\system32\hidserv.dll
2008-04-01 14:45 . 2008-04-01 14:45 <DIR> dr-h----- C:\Documents and Settings\rozpruwacz\Dane aplikacji\SecuROM
2008-03-31 23:38 . 2008-03-31 23:38 <DIR> d-------- C:\Documents and Settings\rozpruwacz\Dane aplikacji\DivX
2008-03-31 23:37 . 2008-03-31 23:37 <DIR> d-------- C:\Program Files\Media Player Classic
2008-03-31 23:28 . 2008-03-31 23:28 <DIR> d-------- C:\Program Files\Codec
2008-03-31 21:40 . 2008-03-31 21:40 <DIR> d-------- C:\Program Files\DirectShow Pack
2008-03-31 21:35 . 2008-03-31 21:35 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-03-31 21:30 . 2008-03-31 21:30 <DIR> d-------- C:\Program Files\MarBit
2008-03-25 21:52 . 2008-03-25 23:49 <DIR> d-------- C:\Program Files\ChomikBox
2008-03-25 11:34 . 2008-03-25 11:34 268 --ah----- C:\sqmdata19.sqm
2008-03-25 11:34 . 2008-03-25 11:34 244 --ah----- C:\sqmnoopt19.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 12:33 23,382,048 --sha-w C:\WINNT\system32\drivers\fidbox.dat
2008-04-25 12:29 318,332 --sha-w C:\WINNT\system32\drivers\fidbox.idx
2008-04-25 12:29 2,203,136 ----a-w C:\WINNT\Internet Logs\xDB1C.tmp
2008-04-25 12:06 --------- d-----w C:\Documents and Settings\rozpruwacz\Dane aplikacji\Skype
2008-04-19 18:32 297,472 ----a-w C:\WINNT\Internet Logs\xDB1B.tmp
2008-04-17 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:09 1,934,672 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-04-13 16:41 270,848 ----a-w C:\WINNT\Internet Logs\xDB19.tmp
2008-04-13 16:41 2,092,032 ----a-w C:\WINNT\Internet Logs\xDB1A.tmp
2008-04-06 16:38 565,248 ----a-w C:\WINNT\Internet Logs\xDB17.tmp
2008-04-06 16:38 2,053,120 ----a-w C:\WINNT\Internet Logs\xDB18.tmp
2008-04-06 14:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 22:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-01 12:45 108,144 ----a-w C:\WINNT\system32\CmdLineExt.dll
2008-03-31 21:36 --------- d-----w C:\Program Files\Common Files\Real
2008-03-26 10:27 313,344 ----a-w C:\WINNT\Internet Logs\xDB15.tmp
2008-03-26 10:27 1,932,288 ----a-w C:\WINNT\Internet Logs\xDB16.tmp
2008-03-22 14:37 95,744 ----a-w C:\WINNT\Internet Logs\xDB14.tmp
2008-03-22 10:24 65,536 ----a-w C:\WINNT\Internet Logs\xDB12.tmp
2008-03-22 10:24 1,928,192 ----a-w C:\WINNT\Internet Logs\xDB13.tmp
2008-03-21 11:04 17,408 ----a-w C:\WINNT\Internet Logs\xDB10.tmp
2008-03-21 11:04 1,928,192 ----a-w C:\WINNT\Internet Logs\xDB11.tmp
2008-03-21 10:54 367,104 ----a-w C:\WINNT\Internet Logs\xDBE.tmp
2008-03-21 10:54 1,927,680 ----a-w C:\WINNT\Internet Logs\xDBF.tmp
2008-03-20 21:41 1,926,656 ----a-w C:\WINNT\Internet Logs\xDBD.tmp
2008-03-16 17:31 352,256 ----a-w C:\WINNT\Internet Logs\xDBB.tmp
2008-03-16 17:31 1,882,624 ----a-w C:\WINNT\Internet Logs\xDBC.tmp
2008-03-16 12:38 --------- d-----w C:\Documents and Settings\rozpruwacz\Dane aplikacji\Ahead
2008-03-16 12:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-16 12:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-03-16 12:02 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-16 12:00 --------- d-----w C:\Program Files\Nero
2008-03-16 12:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-15 13:14 --------- d-----w C:\Program Files\InTune
2008-03-13 21:31 --------- d-----w C:\Documents and Settings\rozpruwacz\Dane aplikacji\fltk.org
2008-03-12 21:04 184,320 ----a-w C:\WINNT\Internet Logs\xDB9.tmp
2008-03-12 21:04 1,841,664 ----a-w C:\WINNT\Internet Logs\xDBA.tmp
2008-03-09 17:38 291,840 ----a-w C:\WINNT\Internet Logs\xDB7.tmp
2008-03-09 17:38 1,836,544 ----a-w C:\WINNT\Internet Logs\xDB8.tmp
2008-03-02 18:49 89,600 ----a-w C:\WINNT\Internet Logs\xDB5.tmp
2008-03-02 18:49 1,823,744 ----a-w C:\WINNT\Internet Logs\xDB6.tmp
2008-03-01 22:22 34,304 ----a-w C:\WINNT\Internet Logs\xDB4.tmp
2008-03-01 22:16 391,168 ----a-w C:\WINNT\Internet Logs\xDB504.tmp
2008-02-28 16:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
2008-02-27 16:12 --------- d-----w C:\Documents and Settings\rozpruwacz\Dane aplikacji\Media Player Classic
2008-02-25 23:56 262,656 ----a-w C:\WINNT\Internet Logs\xDB2.tmp
2008-02-25 23:55 1,771,008 ----a-w C:\WINNT\Internet Logs\xDB3.tmp
2008-02-20 13:42 2,276,864 ----a-w C:\WINNT\system32\TUKernel.exe
2008-02-11 01:42 691,545 ----a-w C:\WINNT\unins000.exe
2008-02-10 23:21 122,880 ----a-w C:\WINNT\system32\UAService7.exe
2008-02-10 13:35 315,392 ----a-w C:\WINNT\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINNT\ATK0100\HControl.exe" [2006-08-23 23:22 110592]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 19:58 176128]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 19:22 638976]
"snp2std"="C:\WINNT\vsnp2std.exe" [2006-09-15 07:21 675840]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 15:49 16377344 C:\WINNT\RTHDCPL.exe]
"ZoneAlarm Client"="E:\programy\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 02:44 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 02:44 395776 C:\WINNT\system32\cmd.exe]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 02:33 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];C:\WINNT\system32\drivers\Sleen16.sys [2007-10-11 13:24]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINNT\ATK0100\ASNDIS5.SYS [2004-05-28 11:13]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINNT\system32\DRIVERS\snp2sxp.sys [2007-03-30 08:41]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINNT\system32\DRIVERS\SinoTpm.sys [2006-06-12 18:21]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 15:15:04 C:\WINNT\Tasks\1-Click Maintenance.job"
- E:\programy\TuneUpUtilities\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-25 14:33:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\ADSM_PData_0150
scan completed successfully
hidden files: 24
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINNT\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe

E:\programy\TuneUpUtilities\WinStylerThemeHelper.dll
PROCESS: C:\WINNT\system32\lsass.exe

E:\programy\TuneUpUtilities\WinStylerThemeHelper.dll
PROCESS: C:\WINNT\system32\csrss.exe

E:\programy\TuneUpUtilities\WinStylerThemeHelper.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINNT\system32\ati2evxx.exe
E:\programy\TuneUpUtilities\WinStylerThemeSvc.exe
C:\WINNT\system32\ati2evxx.exe
E:\programy\Ad-Aware SE Personal\aawservice.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\WINNT\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\UAService7.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Apoint2K\hidfind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\WINNT\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2008-04-25 14:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 12:35:43
Pre-Run: 923,475,968 bajtów wolnych
Post-Run: 1,399,996,416 bajtów wolnych
192