Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them straight away from at least two tools: FRST and GMER.
3. Please publish all logs on the sites intended for this and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Attaching yourself to other users' threads is not advisable; please start a new thread in the Security section, which makes it easier for the person checking to help you.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all actions already taken.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Programs shutting themselves down

02 Apr 2008, 15:41

ComboFix
Code:
ComboFix 08-04-01.2 - luki 2008-04-02 15:35:25.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.637 [GMT 2:00]
Running from: C:\Documents and Settings\luki\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-03-02 to 2008-04-02  )))))))))))))))))))))))))))))))
.

2008-04-01 20:56 . 2008-04-01 20:56   <DIR>   d--------   C:\Program Files\TVUPlayer
2008-04-01 20:56 . 2008-04-01 20:56   <DIR>   d--------   C:\Documents and Settings\luki\Dane aplikacji\TVU networks
2008-04-01 20:56 . 2008-04-01 20:56   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\TVU networks
2008-04-01 20:55 . 2008-04-01 20:55   <DIR>   d--------   C:\ppmaterecord
2008-04-01 20:54 . 2008-04-01 20:55   <DIR>   d--------   C:\Program Files\PPMate
2008-04-01 20:54 . 2008-04-01 20:54   <DIR>   d--------   C:\Program Files\Common Files\Synacast
2008-04-01 20:54 . 2008-04-01 20:54   <DIR>   d--------   C:\Documents and Settings\luki\Dane aplikacji\PPMate
2008-04-01 20:51 . 2008-04-01 20:51   <DIR>   d--------   C:\Program Files\TVAnts
2008-04-01 20:22 . 2008-04-01 20:22   <DIR>   d--------   C:\Program Files\FREE Hi-Q Recorder
2008-04-01 20:22 . 2008-04-01 20:32   <DIR>   d--------   C:\My Recordings
2008-04-01 20:22 . 2008-04-01 20:22   671,744   --a------   C:\WINDOWS\isRS-000.tmp
2008-04-01 18:06 . 2008-04-01 18:06   0   --a------   C:\WINDOWS\PowerReg.dat
2008-03-31 20:10 . 2008-03-31 20:10   <DIR>   d--------   C:\Documents and Settings\luki\Dane aplikacji\Hewlett-Packard
2008-03-31 18:51 . 2008-03-31 18:51   <DIR>   d--------   C:\Documents and Settings\luki\Dane aplikacji\Folder przesyłania Share-to-Web
2008-03-27 19:27 . 2007-10-12 16:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-03-27 19:27 . 2007-10-12 16:14   1,374,232   --a------   C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-27 19:27 . 2007-10-02 10:56   444,776   --a------   C:\WINDOWS\system32\d3dx10_36.dll
2008-03-27 19:27 . 2007-10-22 04:39   267,272   --a------   C:\WINDOWS\system32\xactengine2_10.dll
2008-03-27 19:26 . 2008-03-27 19:26   <DIR>   d--------   C:\Program Files\OpenAL
2008-03-27 19:26 . 2007-12-11 13:00   785,464   -ra------   C:\WINDOWS\system32\tmp43F.tmp
2008-03-27 19:26 . 2007-12-11 13:00   785,464   -ra------   C:\WINDOWS\system32\tmp43E.tmp
2008-03-27 19:26 . 2008-03-27 19:26   409,600   --a------   C:\WINDOWS\system32\wrap_oal.dll
2008-03-27 19:26 . 2008-03-27 19:26   114,688   --a------   C:\WINDOWS\system32\OpenAL32.dll
2008-03-26 21:15 . 2008-03-26 21:15   <DIR>   d--------   C:\Program Files\Medal of Honor Airborne
2008-03-26 20:59 . 2008-03-26 20:59   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-03-26 20:59 . 2008-03-26 20:59   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-03-26 20:59 . 2008-03-26 20:59   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-03-26 15:30 . 2008-03-26 15:30   <DIR>   d--------   C:\Program Files\DDS Converter 2
2008-03-26 15:24 . 2008-03-26 15:24   <DIR>   d--------   C:\Program Files\OEdit
2008-03-22 13:03 . 2008-03-22 13:03   116   --a------   C:\WINDOWS\NeroDigital.ini
2008-03-20 11:52 . 2008-03-20 11:52   <DIR>   d--------   C:\Program Files\Veoh Networks
2008-03-19 18:11 . 2008-03-19 18:14   706   --a------   C:\WINDOWS\Thps3.INI
2008-03-18 15:40 . 2008-03-18 15:40   32   --a------   C:\WINDOWS\go
2008-03-18 15:23 . 2008-03-18 15:42   <DIR>   d--------   C:\Documents and Settings\luki\Dane aplikacji\Hide IP NG
2008-03-12 19:13 . 2008-03-12 19:13   <DIR>   d--------   C:\Program Files\Trend Micro
2008-03-12 16:35 . 2008-03-12 16:35   <DIR>   d--------   C:\Program Files\WapSter
2008-03-12 16:35 . 2008-03-12 16:35   <DIR>   d--------   C:\Documents and Settings\luki\WapSter
2008-03-12 16:32 . 2008-03-12 16:32   <DIR>   d--------   C:\Gadu-Gadu
2008-03-12 15:13 . 2008-04-02 15:34   <DIR>   d--------   C:\Documents and Settings\luki\Pulpit
2008-03-11 16:38 . 2008-03-11 16:38   91,700   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-03-11 16:38 . 2008-03-11 16:38   85,860   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-03-11 16:37 . 2008-03-11 16:37   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-03-11 16:37 . 2008-03-27 15:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-11 16:37 . 2008-04-02 15:37   16,027,680   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-11 16:37 . 2008-04-02 15:37   305,696   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-11 16:37 . 2008-04-01 20:58   215,096   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-11 16:37 . 2008-04-01 20:58   31,244   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-11 16:34 . 2008-03-11 16:34   <DIR>   d--------   C:\kav
2008-03-09 12:15 . 2008-03-09 12:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-03-09 11:53 . 2008-03-09 11:53   <DIR>   d--------   C:\Program Files\Common Files\Macromedia Shared
2008-03-09 11:53 . 2002-01-05 08:10   57,344   ---------   C:\WINDOWS\system32\mfc70enu.dll
2008-03-09 11:52 . 2008-03-09 11:52   <DIR>   d--------   C:\Program Files\Macromedia
2008-03-07 15:23 . 2004-04-19 05:37   1,814,528   ---------   C:\WINDOWS\UNNeroVision.exe
2008-03-07 15:23 . 2004-04-21 08:10   96,891   ---------   C:\WINDOWS\UNNeroVision.cfg
2008-03-07 15:21 . 2001-07-06 15:41   569,344   --a------   C:\WINDOWS\system32\imagr5.dll
2008-03-07 15:21 . 2001-07-06 13:44   544,768   --a------   C:\WINDOWS\system32\imagx5.dll
2008-03-07 15:21 . 2001-07-06 19:24   283,920   --a------   C:\WINDOWS\system32\ImagXpr5.dll
2008-03-07 15:21 . 2001-06-26 09:15   38,912   --a------   C:\WINDOWS\system32\picn20.dll
2008-03-06 20:45 . 2008-03-06 20:45   <DIR>   d--------   C:\Program Files\CDDVDDataRecovery
2008-03-06 20:38 . 2008-03-06 20:38   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-03-06 20:38 . 2008-03-27 17:39   <DIR>   d--------   C:\Program Files\Ahead
2008-03-06 20:38 . 2000-06-26 12:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2008-03-04 10:42 . 2008-03-04 10:42   <DIR>   d--------   C:\Documents and Settings\luki\Dane aplikacji\foobar2000

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 12:43   ---------   d-----w   C:\Documents and Settings\luki\Dane aplikacji\MegauploadToolbar
2008-04-01 16:01   ---------   d-----w   C:\Documents and Settings\luki\Dane aplikacji\uTorrent
2008-04-01 14:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-31 16:50   ---------   d-----w   C:\Program Files\HP
2008-03-27 16:30   ---------   d-----w   C:\Program Files\WebServ
2008-03-27 16:28   ---------   d-----w   C:\Program Files\Google
2008-03-27 16:27   ---------   d-----w   C:\Program Files\Astonsoft
2008-03-27 15:59   81,920   ----a-w   C:\Documents and Settings\luki\Dane aplikacji\ezpinst.exe
2008-03-27 15:59   47,360   ----a-w   C:\Documents and Settings\luki\Dane aplikacji\pcouffin.sys
2008-03-27 15:59   ---------   d-----w   C:\Documents and Settings\luki\Dane aplikacji\Vso
2008-03-26 18:58   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 17:34   737,280   ----a-w   C:\WINDOWS\iun6002.exe
2008-03-09 09:52   ---------   d-----w   C:\Program Files\Common Files\Macromedia
2008-03-06 18:40   ---------   d-----w   C:\Documents and Settings\luki\Dane aplikacji\Ahead
2008-03-04 19:51   ---------   d-----w   C:\Documents and Settings\luki\Dane aplikacji\ppStream
2008-03-04 11:44   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 16:31   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-02-19 06:47   ---------   d-----w   C:\Program Files\DirectX
2008-02-17 13:07   ---------   d-----w   C:\Program Files\SopCast
2008-02-12 19:04   ---------   d-----w   C:\Documents and Settings\luki\Dane aplikacji\Microsoft Games
2008-02-11 21:40   ---------   d-----w   C:\Program Files\MSXML 4.0
2008-02-11 17:13   805   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-11 17:13   60,800   ----a-w   C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-11 17:13   123,952   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-11 17:13   10,740   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-11 17:13   ---------   d-----w   C:\Program Files\Symantec
2008-02-11 17:13   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-02-11 12:59   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-02-11 12:53   ---------   d-----w   C:\Program Files\Norton AntiVirus
2008-02-08 17:37   219,664   ----a-w   C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35   23,604   ----a-w   C:\WINDOWS\system32\drivers\klopp.dat
2008-02-07 09:49   ---------   d-----w   C:\Program Files\Lavalys
2008-02-06 09:38   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-02-04 10:33   47,880   ----a-w   C:\WINDOWS\BricoPackUninst.cmd
2007-11-19 15:40   560   ----a-w   C:\Program Files\Global.sw
2004-05-27 09:15   116,314   ----a-w   C:\WINDOWS\Fonts\disneyt1.zip
2006-05-03 10:06   163,328   --sh--r   C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47   31,744   --sh--r   C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-03-13_15.01.06.46   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-19 06:42:16   53,248   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-27 17:27:31   53,248   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-02-19 06:42:17   12,800   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-27 17:27:31   12,800   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-02-19 06:42:17   473,600   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-27 17:27:31   473,600   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-02-13 13:27:09   2,676,224   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:27   2,676,224   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:11   2,846,720   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:27   2,846,720   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:13   563,712   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:28   563,712   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:14   567,296   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:28   567,296   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-19 06:42:18   576,000   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:29   576,000   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:16   577,024   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:29   577,024   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:17   577,536   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:29   577,536   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:18   577,536   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:30   577,536   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:18   578,560   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:30   578,560   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-13 13:27:22   578,560   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-27 17:27:31   578,560   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-19 06:42:18   145,920   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-27 17:27:32   145,920   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-02-19 06:42:19   159,232   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-27 17:27:32   159,232   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-02-19 06:42:19   364,544   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-27 17:27:32   364,544   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-02-19 06:42:20   178,176   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-27 17:27:32   178,176   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-02-19 06:42:16   223,232   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-03-27 17:27:31   223,232   ----a-w   C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2000-08-31 07:00:00   163,328   ----a-w   C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00   163,328   ----a-w   C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2007-10-27 15:46:20   31,720   ----a-r   C:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2008-04-01 12:34:56   31,720   ----a-r   C:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2008-03-27 17:26:59   10,134   ----a-r   C:\WINDOWS\Installer\{5695B707-C5A9-4EF4-9534-31A798683362}\ARPPRODUCTICON.exe
+ 2008-03-31 16:51:00   45,056   ----a-r   C:\WINDOWS\Installer\{CDA4C20C-511B-458E-A8AF-C7854380223F}\_486AD40031E5_4A05_BAE5_67FC693FE0EF.exe
+ 2008-03-31 16:51:00   49,152   ----a-r   C:\WINDOWS\Installer\{CDA4C20C-511B-458E-A8AF-C7854380223F}\ShareWizard.exe
+ 2008-03-31 16:51:00   49,152   ----a-r   C:\WINDOWS\Installer\{CDA4C20C-511B-458E-A8AF-C7854380223F}\ShareWizardIcon.exe
+ 2008-03-31 16:51:00   49,152   ----a-r   C:\WINDOWS\Installer\{CDA4C20C-511B-458E-A8AF-C7854380223F}\Unload.exe
- 2000-08-31 07:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelFrench.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelGerman.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelJapanese.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelKorean.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelPortugese.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelSpanish.dll
+ 2007-04-20 06:57:28   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelSwedish.dll
+ 2007-04-20 06:57:30   53,248   ----a-w   C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
+ 2007-06-12 08:22:58   207,277   ----a-w   C:\WINDOWS\system32\AGEIA\AG1011\app.bin
+ 2007-04-16 08:24:38   122,249   ----a-w   C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
+ 2007-06-12 08:22:58   214,141   ----a-w   C:\WINDOWS\system32\AGEIA\AG1021\app.bin
+ 2007-07-10 10:13:42   113,313   ----a-w   C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
- 2008-02-11 12:37:00   16,384   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-26 12:12:17   16,384   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-02-11 12:37:00   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-03-26 12:12:17   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-02-11 12:37:00   49,152   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-26 12:12:17   49,152   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-28 14:05:20   2,414,360   ----a-w   C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-09-28 15:05:20   2,414,360   ----a-w   C:\WINDOWS\system32\d3dx9_31.dll
- 2006-11-29 11:06:18   3,426,072   ----a-w   C:\WINDOWS\system32\d3dx9_32.dll
+ 2006-11-29 12:06:18   3,426,072   ----a-w   C:\WINDOWS\system32\d3dx9_32.dll
+ 2007-06-26 10:15:22   117,888   -c--a-w   C:\WINDOWS\system32\DRVSTORE\PhysX32_28DEC1919B015F1DB41BE86D222D95CA59F30701\physX32.sys
+ 2003-03-20 09:57:22   225,280   ----a-w   C:\WINDOWS\system32\HPptp03.dll
+ 2002-04-24 10:42:18   364,544   ----a-w   C:\WINDOWS\system32\LCodcCMP.dll
- 2008-02-12 11:28:35   62,480   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 07:53:47   62,480   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-02-12 11:28:36   79,408   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-03-30 07:53:47   79,408   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-02-12 11:28:36   401,200   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 07:53:47   401,200   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-02-12 11:28:36   458,022   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-03-30 07:53:47   458,022   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2007-06-19 07:59:36   70,400   ----a-w   C:\WINDOWS\system32\PhysXLoader.dll
- 2000-08-31 07:00:00   161,792   ----a-w   C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00   161,792   ----a-w   C:\WINDOWS\system32\swreg.exe
+ 2006-10-18 09:32:38   807,032   ----a-w   C:\WINDOWS\system32\wmv9dmod.dll
- 2007-07-19 22:54:28   18,280   ----a-w   C:\WINDOWS\system32\x3daudio1_2.dll
+ 2007-10-22 02:37:16   17,928   ----a-w   C:\WINDOWS\system32\X3DAudio1_2.dll
- 2006-07-28 07:30:32   236,824   ----a-w   C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-07-28 08:30:32   236,824   ----a-w   C:\WINDOWS\system32\xactengine2_3.dll
- 2006-12-08 10:02:00   251,672   ----a-w   C:\WINDOWS\system32\xactengine2_5.dll
+ 2006-12-08 11:02:00   251,672   ----a-w   C:\WINDOWS\system32\xactengine2_5.dll
- 2007-07-19 22:57:12   267,112   ----a-w   C:\WINDOWS\system32\xactengine2_9.dll
+ 2007-07-19 23:57:12   267,112   ----a-w   C:\WINDOWS\system32\xactengine2_9.dll
- 2006-07-28 07:30:14   62,744   ----a-w   C:\WINDOWS\system32\xinput1_2.dll
+ 2006-07-28 08:30:14   62,744   ----a-w   C:\WINDOWS\system32\xinput1_2.dll
+ 2006-12-01 21:56:00   96,256   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 23:25:52   1,101,824   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 23:25:56   1,093,120   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25:58   69,632   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 23:26:00   57,856   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:08:00   40,960   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08:00   45,056   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08:00   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08:00   57,344   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08:00   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08:00   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08:00   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08:00   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08:00   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:46:44   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-08-02 10:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 10:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-08-02 10:35 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 04:37 14679552 C:\WINDOWS\RTHDCPL.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-11-20 20:20 123824]
"BootWarn"="C:\Program Files\Norton SystemWorks\Norton Antivirus\BootWarn.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-06 14:56 157696]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22 26248]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112]
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-26 15:44:03 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\PPStream\\PPStream.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"D:\\Opera\\Opera.exe"=
"D:\\eMule\\emule.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Gadu-Gadu\\gg.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"D:\\gry\\Counter-strike\\hl.exe"=
"D:\\gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"D:\\gry\\The Club\\Launcher.exe"=
"D:\\gry\\The Club\\TheClub.exe"=
"D:\\PES 2008\\PES2008.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\PPMate\\ppmate.exe"=
"C:\\Program Files\\PPMate\\ppamnet.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
S3 aeqhloader;aeqhloader;C:\DOCUME~1\luki\USTAWI~1\Temp\Rar$EX04.953\AequiHack\aeqhloader.sys []
S3 ĄŐĄŘ°ę¤¤ĄÍ1;ĄŐĄŘ°ę¤¤ĄÍ1;D:\Gods_hack_Pack\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\luki\Pulpit\ms\IlvMoney1105.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 17:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 15:37:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PX° ¤ ¤ Í 1 ]
"ImagePath"="\??\D:\Gods_hack_Pack\nvid999.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
.
Completion time: 2008-04-02 15:38:32
ComboFix-quarantined-files.txt  2008-04-02 13:38:24
ComboFix2.txt  2008-03-13 14:01:50
Pre-Run: 9,865,850,880 bajtów wolnych
Post-Run: 9,852,325,888 bajtów wolnych
.
2008-03-12 19:54:34   --- E O F --- 


HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:46, on 2008-04-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
D:\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton SystemWorks\Norton Antivirus\BootWarn.exe /a
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9087 bytes


I recently downloaded some file, and it turned out to be a trojan. I removed it with Kaspersky and thought that was the end of the problem.
But no: some programs (gg, IE, etc.) start up and then close after about 5 seconds.

02 Apr 2008, 18:05

Fix these in HJT; if that doesn't work, delete these files manually in Safe Mode
Code:
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (file missing)


Clean out the startup list of programs you hardly ever use. You have too many of them, in my opinion.
http://instalki.pl/forum/viewtopic.php?t=10892


No particular threats were found in the HijackThis log.

If the guide/demonstration is on this forum, there is no need to link to other sites.
Edit by Bozz

02 Apr 2008, 20:26

Paste into Notepad:
File::
C:\Documents and Settings\luki\Dane aplikacji\MegauploadToolbar
C:\DOCUME~1\luki\USTAWI~1\Temp\Rar$EX04.953\AequiHack\aeqhloader.sys
D:\Gods_hack_Pack\nvid999.sys



>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– similar to what is shown in this picture
(if a "1 or 2" prompt appears, type 1 and press ENTER). Removal should begin (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
Then post a new ComboFix log.
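The two helper posts above apply a simple triage rule to the HijackThis log (entries ending in "(file missing)" are dangling registry pointers that can be fixed in HJT; the rest is reviewed by hand) and then hand ComboFix a CFScript whose File:: block lists paths to delete. The script below is an added example, not part of this thread and not code from the HijackThis or ComboFix projects. It parses a small log sample reconstructed from entries quoted in the thread (constructed here, not a complete log), applies the "(file missing)" rule, and adds two review checks that are my own assumptions rather than something the posters said: O23 services with "Unknown owner" (no vendor string), O20 AppInit_DLLs entries, and O16 ActiveX downloads from a bare IP address. The build_cfscript function only renders whatever path list you give it in the File:: form shown above; the paths the helper chose came from the ComboFix log, not from this HJT triage.

```python
"""Triage a HijackThis log and render a ComboFix CFScript File:: block.

Added example for the forum thread; not HijackThis or ComboFix code.
The sample log is constructed from entries quoted in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample (a few lines in HijackThis log format, not a full log).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HJT section code, e.g. "O23"
    line: str     # the original log line
    verdict: str  # "fix_in_hjt" or "review"
    reason: str


# Every HJT entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# URL whose host is a dotted-quad IP literal rather than a hostname.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")


def triage(log_text: str) -> list:
    """Return the entries a reviewer would act on, with a verdict each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            # The registry still points at a file that is gone; the entry is
            # inert but the dangling pointer is what "Fix checked" removes.
            findings.append(Finding(section, line, "fix_in_hjt",
                                    "orphaned entry, target file missing"))
        elif section == "O23" and " - Unknown owner - " in body:
            # Assumed check: no vendor string in the service binary.
            findings.append(Finding(section, line, "review",
                                    "service binary has no vendor string"))
        elif section == "O20":
            # Assumed check: AppInit_DLLs is loaded into every process that
            # loads user32.dll, so it deserves a look regardless of the name.
            findings.append(Finding(section, line, "review",
                                    "AppInit_DLLs entry loads into every GUI process"))
        elif section == "O16" and IP_URL_RE.search(body):
            # Assumed check: ActiveX package served from a bare IP address.
            findings.append(Finding(section, line, "review",
                                    "ActiveX download from an IP-literal URL"))
    return findings


def build_cfscript(paths: list) -> str:
    """Render the File:: block in the form the thread pastes into Notepad."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.verdict:<10} {f.section:<4} {f.reason}")
    # Paths to delete are chosen by the reviewer (hypothetical values here).
    print(build_cfscript([r"C:\Documents and Settings\luki\Dane aplikacji\MegauploadToolbar",
                          r"D:\Gods_hack_Pack\nvid999.sys"]))
```

Run it as-is to see the five flagged entries; in practice you would paste the real log into SAMPLE_HJT_LOG or read it from a file. The "fix_in_hjt" verdicts mirror the helper's advice; the "review" verdicts are only pointers for a human, not removal decisions.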

10 Apr 2008, 20:22

Post the ComboFix log.

10 Apr 2008, 21:43

It clearly says to post a new log. You don't need to repeat it.