Szymon22, posted March 4, 2010

Hello. I have the impression that my computer has caught a KEYLOGGER. Does anyone know how to get rid of this nasty thing without reinstalling the system? The antivirus I have on the computer is Avast Home Edition.

HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:46, on 2010-03-04
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRAMY\AVAST\aswUpdSv.exe
E:\PROGRAMY\AVAST\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\ASUS\Six Engine\SixEngine.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
E:\PROGRAMY\AVAST\ashDisp.exe
E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRAMY\AVAST\ashMaiSv.exe
E:\PROGRAMY\AVAST\ashWebSv.exe
E:\PROGRAMY\Nowe Gadu-Gadu\gg.exe
E:\PROGRAMY\Nowe Gadu-Gadu\spellchecker_gg.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRAMY\AVAST\ashSimpl.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "E:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] E:\PROGRAMY\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "E:\WINDOWS\TEMP\E_S214.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://E:\PROGRAMY\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRAMY\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRAMY\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRAMY\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16973A-A9A0-4D93-A60A-5714CEE8A137}: NameServer = 217.116.100.65 79.163.127.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\PROGRAMY\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\PROGRAMY\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\PROGRAMY\AVAST\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\PROGRAMY\AVAST\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6845 bytes

Task Manager screenshot:

The process I suspect is smss.exe. If needed, I can post a link to the scan of the file that infected my machine.

EDIT: scan of the smss.exe file:

VirSCAN.org Scanned Report :
Scanned time : 2010/02/18 15:39:17 (CET)
Scanner results: Wszystkie skanery zgłosiły brak szkodliwego oprogramowania!
File Name : smss.exe
File Size : 50688 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 059568113b0940bcdfd5f17b698ce9e9
SHA1 : fb36ec08805c937ac39edf8b92b6b844aa46d3df
Online report : http://virscan.org/report/b8ea2e7341b92c84112754a218c45657.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100218210847 2010-02-18 4.35 -
AhnLab V3 2010.02.18.00 2010.02.18 2010-02-18 1.57 -
AntiVir 8.2.1.170 7.10.4.95 2010-02-18 0.34 -
Antiy 2.0.18 20100218.3856333 2010-02-18 0.12 -
Arcavir 2009 201002181107 2010-02-18 0.04 -
Authentium 5.1.1 201002181041 2010-02-18 1.80 -
AVAST! 4.7.4 100218-0 2010-02-18 0.01 -
AVG 8.5.720 271.1.1/2695 2010-02-18 0.23 -
BitDefender 7.81008.5097040 7.30440 2010-02-18 5.17 -
ClamAV 0.95.3 10406 2010-02-18 0.02 -
Comodo 3.13.579 3409 2010-02-18 0.94 -
CP Secure 1.3.0.5 2010.02.18 2010-02-18 0.05 -
Dr.Web 5.0.1.12222 2010.02.18 2010-02-18 5.44 -
F-Prot 4.4.4.56 20100217 2010-02-17 1.74 -
F-Secure 7.02.73807 2010.02.18.10 2010-02-18 0.12 -
Fortinet 11.511- 11.511 2010-02-18 0.18 -
GData 19.10567/19.762 20100218 2010-02-18 6.34 -
ViRobot 20100218 2010.02.18 2010-02-18 0.43 -
Ikarus T3.1.01.80 2010.02.18.75226 2010-02-18 4.57 -
JiangMin 13.0.900 2010.02.08 2010-02-08 7.41 -
Kaspersky 5.5.10 2010.02.18 2010-02-18 0.07 -
KingSoft 2009.2.5.15 2010.2.18.7 2010-02-18 0.62 -
McAfee 5.3.00 5895 2010-02-17 3.63 -
Microsoft 1.5406 2010.02.18 2010-02-18 7.55 -
Norman 6.01.09 6.01.00 2010-02-10 4.00 -
Panda 9.05.01 2010.02.17 2010-02-17 2.35 -
Trend Micro 9.120-1004 6.856.03 2010-02-17 0.03 -
Quick Heal 10.00 2010.02.18 2010-02-18 1.97 -
Rising 20.0 22.34.01.03 2010-02-09 2.21 -
Sophos 3.04.1 4.50 2010-02-18 3.31 -
Sunbelt 3.9.2405.2 5684 2010-02-17 2.84 -
Symantec 1.3.0.24 20100217.005 2010-02-17 0.05 -
nProtect 20100218.01 7275921 2010-02-18 4.42 -
The Hacker 6.5.1.4 v00198 2010-02-18 0.38 -
VBA32 3.12.12.2 20100216.0919 2010-02-16 2.56 -
VirusBuster 4.5.11.10 10.119.62/2030909 2010-02-18 2.37 -

VirusTotal: http://www.virustotal.com/pl/analisis/92ae...4172-1267699234

Scan of the file my computer may have been infected by: http://www.virustotal.com/pl/analisis/586f...f949-1267718233
W32/Zhelatin.K.gen!Eldorado, is that dangerous?

Spybot screenshot:
Sevard, posted March 4, 2010

smss.exe is a system file, though sometimes something attaches itself to it. Post logs from Malwarebytes' Anti-Malware, RSIT and GMER.
Szymon22 (author), posted March 4, 2010

This is probably the RSIT log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Szymon at 2010-03-04 18:36:15
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive E: has 36 GB (11%) free of 317 GB
Total RAM: 3327 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:16, on 2010-03-04
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRAMY\AVAST\aswUpdSv.exe
E:\PROGRAMY\AVAST\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\ASUS\Six Engine\SixEngine.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
E:\PROGRAMY\AVAST\ashDisp.exe
E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRAMY\AVAST\ashMaiSv.exe
E:\PROGRAMY\AVAST\ashWebSv.exe
E:\PROGRAMY\Nowe Gadu-Gadu\gg.exe
E:\PROGRAMY\Nowe Gadu-Gadu\spellchecker_gg.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\msiexec.exe
E:\Documents and Settings\Szymon\Pulpit\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Szymon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "E:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] E:\PROGRAMY\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "E:\WINDOWS\TEMP\E_S214.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://E:\PROGRAMY\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRAMY\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRAMY\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRAMY\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16973A-A9A0-4D93-A60A-5714CEE8A137}: NameServer = 217.116.100.65 79.163.127.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\PROGRAMY\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\PROGRAMY\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\PROGRAMY\AVAST\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\PROGRAMY\AVAST\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7517 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
E:\WINDOWS\tasks\User_Feed_Synchronization-{B2749C36-173E-427D-AEDD-47DEFE646F23}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=E:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Six Engine"=E:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-06-03 5964800]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2008-06-16 13533184]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2008-06-16 86016]
"AdslTaskBar"=stmctrl.dll,TaskBar []
"avast!"=E:\PROGRAMY\AVAST\ashDisp.exe [2009-09-15 81000]
"GrooveMonitor"=E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveMonitor.exe [2008-10-25 31072]
"EPSON Stylus DX4000 Series"=E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-02-21 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2009-10-16 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\wpdshserviceobj.dll [2009-10-16 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\PROGRAMY\Nowe Gadu-Gadu\gg.exe"="E:\PROGRAMY\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"E:\PROGRAMY\Xfire\Xfire.exe"="E:\PROGRAMY\Xfire\Xfire.exe:*:Enabled:Xfire"
"D:\GRY\METIN 2\metin2.bin"="D:\GRY\METIN 2\metin2.bin:*:Enabled:metin2"
"D:\GRY\METIN 2\metin2client.bin"="D:\GRY\METIN 2\metin2client.bin:*:Enabled:metin2client"
"D:\GRY\Counter-Strike\hl.exe"="D:\GRY\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\GRY\Postal 10th Anniversary\PostalChristmas\System\PostalChristmas.exe"="D:\GRY\Postal 10th Anniversary\PostalChristmas\System\PostalChristmas.exe:*:Enabled:PostalChristmas"
"E:\GRY\TITAN QUEST\Titan Quest.exe"="E:\GRY\TITAN QUEST\Titan Quest.exe:*:Enabled:Titan Quest"
"D:\m22\haosf3000UpByMrC.exe"="D:\m22\haosf3000UpByMrC.exe:*:Enabled:haosf3000UpByMrC"
"E:\PROGRAMY\uTORRENT\uTorrent.exe"="E:\PROGRAMY\uTORRENT\uTorrent.exe:*:Enabled:µTorrent"
"D:\m22\123wulin_up_by_MrC.exe"="D:\m22\123wulin_up_by_MrC.exe:*:Enabled:123wulin_up_by_MrC"
"D:\GRY\newlongju\mc.exe"="D:\GRY\newlongju\mc.exe:*:Enabled:mc"
"E:\PROGRAMY\HAMACHI\hamachi.exe"="E:\PROGRAMY\HAMACHI\hamachi.exe:*:Enabled:Hamachi Client"
"E:\Documents and Settings\Szymon\Pulpit\Warcraft III\Warcraft III.exe"="E:\Documents and Settings\Szymon\Pulpit\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\m22\kxyt2_S2.exe"="D:\m22\kxyt2_S2.exe:*:Enabled:kxyt2_S2"
"D:\m22\metin_TianYunMt2.exe"="D:\m22\metin_TianYunMt2.exe:*:Enabled:metin_TianYunMt2"
"E:\GRY\Crysis\Bin32\Crysis.exe"="E:\GRY\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis"
"D:\m22\Kopia metin_vipmt2.exe"="D:\m22\Kopia metin_vipmt2.exe:*:Enabled:Kopia metin_vipmt2"
"D:\m22\KacMt2.exe"="D:\m22\KacMt2.exe:*:Enabled:KacMt2"
"D:\m22\YmYtupByMrCybucH.exe"="D:\m22\YmYtupByMrCybucH.exe:*:Enabled:YmYtupByMrCybucH"
"E:\GRY\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\GRY\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"E:\GRY\Call of Duty - World at War\CoDWaWmp.exe"="E:\GRY\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R): World at War Multiplayer"
"E:\GRY\Soldat\Soldat.exe"="E:\GRY\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"E:\PROGRAMY\Garena\Garena.exe"="E:\PROGRAMY\Garena\Garena.exe:*:Enabled:Garena"
"E:\GRY\Counter-Strike\hl.exe"="E:\GRY\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\m22\thebestmt2pl_by_olech.exe"="D:\m22\thebestmt2pl_by_olech.exe:*:Enabled:thebestmt2pl_by_olech"
"E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"E:\WINDOWS\system32\rundll32.exe"="E:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację"
"D:\PROGRAMY\Ares\Ares.exe"="D:\PROGRAMY\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\m22\DX2.XyLongju_Spol_By_Lost.exe"="D:\m22\DX2.XyLongju_Spol_By_Lost.exe:*:Enabled:DX2.XyLongju_Spol_By_Lost"
"E:\GRY\Call of Duty - World at War\CoDWaW.exe"="E:\GRY\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"D:\m22\GodMt2-Reloaded.exe"="D:\m22\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"D:\GRY\PoP\Prince of Persia.exe"="D:\GRY\PoP\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"D:\GRY\PoP\PrinceOfPersia_Launcher.exe"="D:\GRY\PoP\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"D:\m22\GHwww_Up_By_MrCybucH.exe"="D:\m22\GHwww_Up_By_MrCybucH.exe:*:Enabled:GHwww_Up_By_MrCybucH"
"D:\m22\JdYt2_up_by_MrCybucH.exe"="D:\m22\JdYt2_up_by_MrCybucH.exe:*:Enabled:JdYt2_up_by_MrCybucH"
"D:\GRY\STRANGLEHOLD\Binaries\Retail-Stranglehold.exe"="D:\GRY\STRANGLEHOLD\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold"
"D:\GRY\BLACK SITE AREA 51\Binaries\Blacksite.exe"="D:\GRY\BLACK SITE AREA 51\Binaries\Blacksite.exe:*:Enabled:Blacksite"
"E:\PROGRAMY\MS OFFICE 2007\Office12\OUTLOOK.EXE"="E:\PROGRAMY\MS OFFICE 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\PROGRAMY\MS OFFICE 2007\Office12\GROOVE.EXE"="E:\PROGRAMY\MS OFFICE 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\PROGRAMY\MS OFFICE 2007\Office12\ONENOTE.EXE"="E:\PROGRAMY\MS OFFICE 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\PROGRAMY\STEAM\SteamApps\szymon2244\dark messiah might and magic multi-player\mm.exe"="D:\PROGRAMY\STEAM\SteamApps\szymon2244\dark messiah might and magic multi-player\mm.exe:*:Enabled:mm"
"D:\m22\xh.exe"="D:\m22\xh.exe:*:Enabled:xh"
"D:\PROGRAMY\STEAM\steam\games\Borderlands\Binaries\Borderlands.exe"="D:\PROGRAMY\STEAM\steam\games\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"E:\GRY\Counter-Strike\hlds.exe"="E:\GRY\Counter-Strike\hlds.exe:*:Enabled:HLDS Launcher"
"D:\m22\LongjuPVP up by MrCybucH4Fun.exe"="D:\m22\LongjuPVP up by MrCybucH4Fun.exe:*:Enabled:LongjuPVP up by MrCybucH4Fun"
"E:\GRY\Wolfenstein - Enemy Territory\ET.exe"="E:\GRY\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"D:\m22\HMT2.exe"="D:\m22\HMT2.exe:*:Enabled:HMT2"
"D:\m22\dx1.SdLongju up by MrCybucH.exe"="D:\m22\dx1.SdLongju up by MrCybucH.exe:*:Enabled:dx1.SdLongju up by MrCybucH"
"D:\m22\HMT22.exe"="D:\m22\HMT22.exe:*:Enabled:HMT22"
"H:\Counter-Strike\hl.exe"="H:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="E:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"
"D:\m22\mm.exe"="D:\m22\mm.exe:*:Enabled:mm"
"D:\GRY\Unreal Antologia\UT2004\System\UT2004.exe"="D:\GRY\Unreal Antologia\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"E:\GRY\NFSU2\speed2.exe"="E:\GRY\NFSU2\speed2.exe:*:Enabled:speed2"
"D:\GRY\FLATOUT 2\FlatOut2.exe"="D:\GRY\FLATOUT 2\FlatOut2.exe:*:Enabled:FlatOut2"
"E:\GRY\Wings of War\wow.exe"="E:\GRY\Wings of War\wow.exe:*:Enabled:wow"
"D:\m22\ZYLJ up by mrcybuch.exe"="D:\m22\ZYLJ up by mrcybuch.exe:*:Enabled:ZYLJ up by mrcybuch"
"D:\m22\yt2wwwS2 up by mrcybuch.exe"="D:\m22\yt2wwwS2 up by mrcybuch.exe:*:Enabled:yt2wwwS2 up by mrcybuch"
"D:\GRY\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="D:\GRY\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"D:\GRY\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="D:\GRY\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"E:\GRY\Counter-Strike Source\hl2.exe"="E:\GRY\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\m22\mc.exe"="D:\m22\mc.exe:*:Enabled:mc"
"D:\m22\napsimt2_by_hemp_www.przeklej.pl.exe"="D:\m22\napsimt2_by_hemp_www.przeklej.pl.exe:*:Enabled:napsimt2_by_hemp_www.przeklej.pl"
"E:\WINDOWS\system32\mmc.exe"="E:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"E:\PROGRAMY\STEAM\Steam.exe"="E:\PROGRAMY\STEAM\Steam.exe:*:Enabled:Steam"
"D:\PROGRAMY\STEAM\SteamApps\szymon2244\dark messiah might and magic multi-player\runme.exe"="D:\PROGRAMY\STEAM\SteamApps\szymon2244\dark messiah might and magic multi-player\runme.exe:*:Enabled:Dark Messiah Might and Magic Multi-Player"
"D:\PROGRAMY\STEAM\SteamApps\szymon2244\team fortress 2\hl2.exe"="D:\PROGRAMY\STEAM\SteamApps\szymon2244\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\m22\wz1980_s2_up by mrcybuch.exe"="D:\m22\wz1980_s2_up by mrcybuch.exe:*:Enabled:wz1980_s2_up by mrcybuch"
"E:\Program Files\Electronic Arts\EADM\Core.exe"="E:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"E:\GRY\TimeShift\bin\TimeShift.exe"="E:\GRY\TimeShift\bin\TimeShift.exe:*:Enabled:TimeShift"
"D:\m22\60.18.147Mt2.exe"="D:\m22\60.18.147Mt2.exe:*:Enabled:60.18.147Mt2"
"D:\GRY\Left 4 Dead\left4dead.exe"="D:\GRY\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"D:\GRY\KILLING FLOOR\System\KillingFloor.exe"="D:\GRY\KILLING FLOOR\System\KillingFloor.exe:*:Enabled:KillingFloor"
"D:\GRY\S.T.A.L.K.E.R. - Zew Prypeci\bin\xrEngine.exe"="D:\GRY\S.T.A.L.K.E.R. - Zew Prypeci\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Zew Prypeci (CLI)"
"D:\GRY\S.T.A.L.K.E.R. - Zew Prypeci\bin\dedicated\xrEngine.exe"="D:\GRY\S.T.A.L.K.E.R. - Zew Prypeci\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Zew Prypeci (SRV)"
"D:\GRY\CoD2\CoD2MP_s.exe"="D:\GRY\CoD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\m24\wz1980_s2_up by mrcybuch.exe"="D:\m24\wz1980_s2_up by mrcybuch.exe:*:Enabled:wz1980_s2_up by mrcybuch"
"D:\m24\u867 up by mrcybuch.exe"="D:\m24\u867 up by mrcybuch.exe:*:Enabled:u867 up by mrcybuch"
"D:\m24\metin2modpl.bin"="D:\m24\metin2modpl.bin:*:Enabled:metin2modpl"
"D:\m24\Metin2Mod.bin"="D:\m24\Metin2Mod.bin:*:Enabled:Metin2Mod"
"D:\m22\Priv-Metin2 Spolszczenie.exe"="D:\m22\Priv-Metin2 Spolszczenie.exe:*:Enabled:Priv-Metin2 Spolszczenie"
"D:\m22\AvalonMT2.exe"="D:\m22\AvalonMT2.exe:*:Enabled:AvalonMT2"
"D:\m22\Edonia.exe"="D:\m22\Edonia.exe:*:Enabled:Edonia"
"D:\m24\Edonia.exe"="D:\m24\Edonia.exe:*:Enabled:Edonia"
"D:\m22\Longju99.exe"="D:\m22\Longju99.exe:*:Enabled:Longju99"
"D:\m22\Kopia Longju99.exe"="D:\m22\Kopia Longju99.exe:*:Enabled:Kopia Longju99"
"D:\m24\Kopia Longju99.exe"="D:\m24\Kopia Longju99.exe:*:Enabled:Kopia Longju99"
"D:\m22\Luncher xLasT.exe"="D:\m22\Luncher xLasT.exe:*:Enabled:Luncher xLasT"
"D:\GRY\WoW\WORLD OF WARCRAFT\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe"="D:\GRY\WoW\WORLD OF WARCRAFT\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe:*:Enabled:WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader"
"D:\GRY\WoW\WORLD OF WARCRAFT\World of Warcraft\Launcher.exe"="D:\GRY\WoW\WORLD OF WARCRAFT\World of Warcraft\Launcher.exe:*:Enabled:Launcher"
"D:\GRY\TmNationsForever\TmForever.exe"="D:\GRY\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"E:\GRY\SCPT\Splinter Cell Pandora Tomorrow\pandora.exe"="E:\GRY\SCPT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"E:\GRY\Hidden & Dangerous 2\HD2.exe"="E:\GRY\Hidden & Dangerous 2\HD2.exe:*:Enabled:HD2"
"E:\WINDOWS\system32\PnkBstrA.exe"="E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\WINDOWS\system32\PnkBstrB.exe"="E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\BBC2beta\BFBC2BetaUpdater.exe"="C:\Program Files\BBC2beta\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"C:\Program Files\BBC2beta\BFBC2Game.exe"="C:\Program Files\BBC2beta\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA"
"D:\PROGRAMY\STEAM\SteamApps\common\aliens vs predator demo\AvP.exe"="D:\PROGRAMY\STEAM\SteamApps\common\aliens vs predator demo\AvP.exe:*:Enabled:Aliens vs Predator Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a26263ea-cbba-11de-aab3-002215562948}]
shell\AutoRun\command - H:\fk.exe
shell\open\command - H:\fk.exe

======List of files/folders created in the last 1 months======

2010-03-04 18:36:15 ----D---- E:\rsit
2010-03-04 17:49:43 ----D---- E:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-03-01 20:34:00 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-02-26 22:00:46 ----D---- E:\Program Files\Pando Networks
2010-02-24 10:26:21 ----A---- E:\WINDOWS\War3Unin.exe
2010-02-23 22:59:47 ----HD---- E:\WINDOWS\$NtUninstallKB979306$
2010-02-21 18:08:59 ----A---- E:\WINDOWS\lsb_un20.exe
2010-02-20 15:30:35 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\GlarySoft
2010-02-20 15:16:24 ----D---- E:\Program Files\Glary Utilities
2010-02-19 00:18:49 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\Dev-Cpp
2010-02-17 21:54:24 ----D---- E:\Program Files\Microsoft Silverlight
2010-02-17 21:51:56 ----D---- E:\Program Files\Common Files\Merge Modules
2010-02-17 21:51:07 ----D---- E:\Program Files\Microsoft SDKs
2010-02-17 20:55:50 ----D---- E:\WINDOWS\system32\URTTEMP
2010-02-16 20:42:13 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\Toribash
2010-02-15 16:47:04 ----D---- E:\Program Files\SkanerOnline
2010-02-13 00:24:19 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\Bioshock
2010-02-13 00:22:05 ----D---- E:\WINDOWS\system32\NtmsData
2010-02-12 10:24:01 ----D---- E:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-02-11 04:16:10 ----A---- E:\WINDOWS\system32\xfcodec.dll
2010-02-10 22:57:16 ----HD---- E:\WINDOWS\$NtUninstallKB978262$
2010-02-10 22:57:13 ----HD---- E:\WINDOWS\$NtUninstallKB971468$
2010-02-10 22:55:08 ----HD---- E:\WINDOWS\$NtUninstallKB978037$
2010-02-10 22:55:05 ----HD---- E:\WINDOWS\$NtUninstallKB975713$
2010-02-10 22:55:02 ----HD---- E:\WINDOWS\$NtUninstallKB978251$
2010-02-10 22:54:58 ----HD---- E:\WINDOWS\$NtUninstallKB975560$
2010-02-10 22:54:28 ----HD---- E:\WINDOWS\$NtUninstallKB977914$
2010-02-10 22:54:23 ----HD---- E:\WINDOWS\$NtUninstallKB978706$
2010-02-10 22:54:13 ----HD---- E:\WINDOWS\$NtUninstallKB977165$
2010-02-09 22:55:23 ----D---- E:\WINDOWS\Downloaded Installations
2010-02-09 16:24:00 ----A---- E:\WINDOWS\system32\pbsvc_bc2.exe
2010-02-08 20:29:41 ----A---- E:\WINDOWS\pit2007.ini
2010-02-08 20:29:40 ----A---- E:\WINDOWS\pit2009.ini
2010-02-06 20:24:00 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\Gearbox Software

======List of files/folders modified in the last 1 months======

2010-03-04 18:31:48 ----SHD---- E:\WINDOWS\Installer
2010-03-04 18:31:48 ----RD---- E:\Program Files
2010-03-04 18:29:31 ----HD---- E:\Program Files\InstallShield Installation Information
2010-03-04 18:29:31 ----D---- E:\GRY
2010-03-04 18:28:54 ----D---- E:\WINDOWS\system32
2010-03-04 18:11:08 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\uTorrent
2010-03-04 18:00:16 ----D---- E:\WINDOWS\Temp
2010-03-04 17:22:12 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\Hamachi
2010-03-04 16:57:54 ----D---- E:\WINDOWS\Prefetch
2010-03-04 16:31:15 ----D---- E:\WINDOWS\system32\CatRoot2
2010-03-04 16:27:22 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\Xfire
2010-03-04 16:13:29 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-03-03 22:16:29 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-03-02 16:42:07 ----D---- E:\Documents and Settings\Szymon\Dane aplikacji\gtk-2.0
2010-03-01 22:48:43 ----D---- E:\WINDOWS
2010-03-01 20:20:07 ----HD---- E:\WINDOWS\inf
2010-03-01 20:20:07 ----D---- E:\WINDOWS\system32\DirectX
2010-03-01 20:19:20 ----D---- E:\Program Files\Common Files\Adobe AIR
2010-02-23 23:00:05 ----RSHD---- E:\WINDOWS\system32\dllcache
2010-02-23 23:00:03 ----D---- E:\WINDOWS\ie8updates
2010-02-23 23:00:01 ----HD---- E:\WINDOWS\$hf_mig$
2010-02-23 22:59:58 ----A---- E:\WINDOWS\imsins.BAK
2010-02-20 16:07:04 ----D---- E:\WINDOWS\system32\drivers
2010-02-19 22:08:15 ----D---- E:\WINDOWS\Registration
2010-02-18 10:23:54 ----RSD---- E:\WINDOWS\assembly
2010-02-18 10:23:53 ----D---- E:\WINDOWS\Microsoft.NET
2010-02-17 22:16:16 ----SD---- E:\Documents and Settings\Szymon\Dane aplikacji\Microsoft
2010-02-17 21:54:15 ----D---- E:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2010-02-17 21:53:31 ----SD---- E:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2010-02-17 21:52:59 ----D---- E:\WINDOWS\WinSxS
2010-02-17 21:52:55 ----D---- E:\Program Files\Common Files\Microsoft Shared
2010-02-17 21:51:56 ----D---- E:\Program Files\Common Files
2010-02-17 21:51:55 ----D---- E:\PROGRAMY
2010-02-15 16:47:05 ----SD---- E:\WINDOWS\Downloaded Program Files
2010-02-12 10:23:59 ----D---- E:\Program Files\Common Files\Wise Installation Wizard
2010-02-10 10:51:30 ----A---- E:\WINDOWS\system32\PnkBstrB.exe
2010-02-09 16:24:00 ----A----
E:\WINDOWS\system32\PnkBstrA.exe 2010-02-08 22:45:04 ----D---- E:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts 2010-02-06 16:38:08 ----D---- E:\Documents and Settings\All Users\Dane aplikacji\TrackMania ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408] R1 AsIO;AsIO; E:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400] R1 aswSP;avast! Self Protection; E:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768] R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368] R1 intelppm;Sterownik procesora Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2009-10-16 40448] R1 vmm;Virtual Machine Monitor; \??\E:\WINDOWS\system32\Drivers\vmm.sys [] R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160] R2 atksgt;atksgt; E:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-20 271360] R2 lirsgt;lirsgt; E:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-20 18048] R3 Arp1394;Protokół klienta 1394 ARP; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-10-16 60800] R3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152] R3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-12 25280] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2009-10-16 144384] R3 HidUsb;Sterownik Microsoft klasy HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; E:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864] R3 MTsensor;ATK0110 ACPI UTILITY; 
E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;Sterownik sieci 1394; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-10-16 61824] R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-06-16 6002816] R3 Stmatm;ATM/ADSL miniport; E:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255] R3 TaurusUsb;ADSL Modem USB Service; E:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 683791] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-10-16 30208] R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2009-10-16 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2009-10-16 20608] R3 VPCNetS2;Virtual Machine Network Services Driver; E:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960] S3 amen7ipw;amen7ipw; E:\WINDOWS\system32\drivers\amen7ipw.sys [] S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GarenaPEngine;GarenaPEngine; \??\E:\DOCUME~1\Szymon\USTAWI~1\Temp\XQR19.tmp [] S3 k750bus;Sony Ericsson 750 driver (WDM); E:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-07-07 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; E:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; E:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-07-07 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; E:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; E:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-07-07 79488] S3 Mkd2kfNt;Mkd2kfNt; E:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072] S3 Mkd2Nadr;Mkd2Nadr; E:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104] S3 PnkBstrK;PnkBstrK; \??\E:\WINDOWS\system32\drivers\PnkBstrK.sys [] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; 
E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Sterownik skanera USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Sterownik magazynu masowego USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-16 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-16 82944] S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; E:\PROGRAMY\AVAST\aswUpdSv.exe [2009-09-15 18752] R2 avast! Antivirus;avast! Antivirus; E:\PROGRAMY\AVAST\ashServ.exe [2009-09-15 138680] R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2008-06-16 159812] R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2010-02-09 75064] R2 PnkBstrB;PnkBstrB; E:\WINDOWS\system32\PnkBstrB.exe [2010-02-10 215128] R2 StarWindService;StarWind iSCSI Service; E:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600] R3 avast! Mail Scanner;avast! Mail Scanner; E:\PROGRAMY\AVAST\ashMaiSv.exe [2009-09-15 254040] R3 avast! Web Scanner;avast! 
Web Scanner; E:\PROGRAMY\AVAST\ashWebSv.exe [2009-09-15 352920] S3 aspnet_state;Usługa stanu ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\PROGRAMY\MS OFFICE 2007\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 npggsvc;nProtect GameGuard Service; E:\WINDOWS\system32\GameMon.des [2009-10-28 3390312] S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2009-10-16 14336] S4 NetTcpPortSharing;Usługa udostępniania portów Net.Tcp; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
Log from a quick scan in Malwarebytes:
Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3824 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 8.0.6001.18702 2010-03-04 18:44:01 mbam-log-2010-03-04 (18-44-01).txt Typ skanowania:
Szybkie skanowanie Przeskanowane obiekty: 116890 Upłynęło: 3 minute(s), 16 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 0 Zainfekowane foldery: 0 Zainfekowane pliki: 0 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: (Nie wykryto groźnych plików) Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: (Nie wykryto groźnych plików)
Sorry for the double post; I'll merge them later. How do I make a log in this GMER?
Sevard Posted March 4, 2010
You won't merge them, because you don't have the permissions for that. There is a link to the FAQ in my signature; it has a short guide to using GMER. I'll look over the logs in a moment. [edit] Generally clean, just some leftovers of some old pest. Open Notepad and paste into it what is below:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a26263ea-cbba-11de-aab3-002215562948}]
Save it as fix.reg and run it. That should settle the matter, though I'll still wait for the GMER log. As for the file scan results, that second file is most likely clean; it just contains some odd functions that heuristic scanners don't like. I forgot to write last time that you don't actually have an antivirus. Remove Avast and install something that works, e.g. Avira together with Comodo Firewall, or the whole Comodo Internet Security suite.
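Sevard's fix deletes the one MountPoints2 key whose shell\AutoRun\command and shell\open\command point at H:\fk.exe, the removable-drive autorun leftover visible in the RSIT log above. The Python below is an added example, not the forum's or any of the tools' own code: it parses an RSIT-style registry dump (a `[key]` header followed by `name - value` lines, the layout printed above) for MountPoints2 entries that launch a file, and renders the same `[-KEY]` deletion syntax into a fix.reg. The sample dump is constructed from the entry on this page plus a benign placeholder key with a made-up all-zero GUID; the function names are my own.

```python
"""Find removable-drive AutoRun leftovers under MountPoints2 in an RSIT-style
registry dump and emit a fix.reg that deletes them (the [-KEY] syntax used in
the fix above). Added example; helper names are my own."""
import re
from typing import Dict, List, Tuple

# Path fragment of the per-volume cache Explorer keeps for each drive it has seen.
MOUNTPOINTS2 = "\\explorer\\mountpoints2\\"

# Verbs that make opening (or autorunning) the drive execute a file.
LAUNCH_VERBS = (r"shell\AutoRun\command", r"shell\open\command")

# Constructed sample in RSIT's layout: the first key is the entry from the log
# on this page, the second is a benign placeholder with a made-up GUID.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a26263ea-cbba-11de-aab3-002215562948}]
shell\AutoRun\command - H:\fk.exe
shell\open\command - H:\fk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
BaseClass - Drive
"""


def parse_rsit_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Parse '[KEY]' headers followed by 'name - value' lines into a dict."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            keys[current] = {}
            continue
        if current is None:
            continue  # value line before any key header; ignore it
        name, sep, value = line.partition(" - ")
        if sep:
            keys[current][name.strip()] = value.strip()
    return keys


def find_autorun_mountpoints(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (key, command) for MountPoints2 entries that launch a file."""
    hits: List[Tuple[str, str]] = []
    for key, values in keys.items():
        if MOUNTPOINTS2 not in key.lower():
            continue
        for verb in LAUNCH_VERBS:
            command = values.get(verb)
            if command:
                hits.append((key, command))
                break
    return hits


def build_fix_reg(keys_to_delete: List[str]) -> str:
    """Render a .reg file; a leading '-' on a key name deletes the whole key."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in keys_to_delete:
        lines.append(f"[-{key}]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = find_autorun_mountpoints(parse_rsit_registry(SAMPLE_DUMP))
    for key, command in found:
        print(f"autorun leftover: {key} -> {command}")
    # regedit reads version-5.00 files as UTF-16; write it that way.
    with open("fix.reg", "w", encoding="utf-16", newline="") as fh:
        fh.write(build_fix_reg([key for key, _ in found]))
```

Deleting the key only removes Explorer's cached autorun verb for that volume; the file it pointed at lives on the removable drive itself and is not touched, so that drive still needs scanning the next time it is plugged in.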
Szymon22 Posted March 6, 2010 (thread author)
I'll add the GMER scan in a moment. I just don't know whether the infection hasn't spread a bit further. The computer has started to lag a little. As for the antivirus, I downloaded a NOD32 trial and it removed several pests. I'm wondering whether to do a system reinstall. If I reinstall Windows XP from inside the old XP, will the keylogger be removed?
GMER log:
GMER 1.0.14.14116 - http://www.gmer.net Rootkit scan 2010-03-06 12:56:58 Windows 5.1.2600 Dodatek Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT sptd.sys ZwCreateKey [0xBA6D10B0] SSDT sptd.sys ZwEnumerateKey [0xBA6D684C] SSDT sptd.sys ZwEnumerateValueKey [0xBA6D6BEC] SSDT sptd.sys ZwOpenKey [0xBA6D1090] SSDT 88707CB0 ZwOpenProcess SSDT 887080D0 ZwOpenThread SSDT sptd.sys ZwQueryKey [0xBA6D6CC4] SSDT sptd.sys ZwQueryValueKey [0xBA6D6B44] SSDT sptd.sys ZwSetValueKey [0xBA6D6D56] ---- Kernel code sections - GMER 1.0.14 ---- ? E:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload B93BC8AC 5 Bytes JMP 8A7011B8 ? System32\Drivers\ax1mx89y.SYS Nie można odnaleźć określonego pliku. !
---- User code sections - GMER 1.0.14 ---- .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D56E9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B5D E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1E1 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406AD9EC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061492C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A47AF E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A46E1 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A474C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A45B2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A4614 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet 
Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A4812 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A4676 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 406ADA48 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407A4B17 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\PROGRAMY\ESET\ESET NOD32 Antivirus\ekrn.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [ C2, 04, 00, 00 ] .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D56E9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B5D E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1E1 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406AD9EC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061492C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A47AF E:\WINDOWS\system32\IEFRAME.dll 
(Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A46E1 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A474C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A45B2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A4614 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A4812 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A4676 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 406ADA48 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407A4B17 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D56E9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B5D E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet 
Explorer\IEXPLORE.EXE[3908] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1E1 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406AD9EC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061492C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A47AF E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A46E1 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A474C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A45B2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A4614 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A4812 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A4676 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] ole32.dll!CoCreateInstance 774F057E 5 
Bytes JMP 406ADA48 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407A4B17 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D1ABA] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D1C00] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D1B82] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D272E] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D2604] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6E4B9A] sptd.sys ---- User IAT/EAT - GMER 1.0.14 ---- IAT E:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT E:\Program Files\Internet Explorer\IEXPLORE.EXE[2580] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT E:\Program Files\Internet Explorer\IEXPLORE.EXE[3908] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A6FE1D8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\usbuhci \Device\USBPDO-0 897BA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7031D8 Device \Driver\dmio \Device\DmControl\DmConfig 8A7031D8 Device \Driver\dmio \Device\DmControl\DmPnP 8A7031D8 Device \Driver\dmio \Device\DmControl\DmInfo 8A7031D8 Device \Driver\usbuhci \Device\USBPDO-1 897BA1D8 Device \Driver\00000034 
\Device\00000052 sptd.sys Device \Driver\usbuhci \Device\USBPDO-2 897BA1D8 Device \Driver\usbehci \Device\USBPDO-3 89798440 Device \Driver\usbuhci \Device\USBPDO-4 897BA1D8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) Device \Driver\usbuhci \Device\USBPDO-5 897BA1D8 Device \Driver\usbuhci \Device\USBPDO-6 897BA1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6911D8 Device \Driver\usbehci \Device\USBPDO-7 89798440 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6911D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6911D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{122AE03C-0404-4FC9-98C7-C379D6078958} 89488980 Device \Driver\NetBT \Device\NetBt_Wins_Export 89488980 Device \Driver\NetBT \Device\NetbiosSmb 89488980 Device \Driver\NetBT \Device\NetBT_Tcpip_{DF16973A-A9A0-4D93-A60A-5714CEE8A137} 89488980 Device \Driver\usbuhci \Device\USBFDO-0 897BA1D8 Device \Driver\usbuhci \Device\USBFDO-1 897BA1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896851D8 Device \Driver\usbuhci \Device\USBFDO-2 897BA1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 896851D8 Device \Driver\usbehci \Device\USBFDO-3 89798440 Device \Driver\NetBT \Device\NetBT_Tcpip_{BE78BE3E-5CA1-45B1-BF36-CD28BDFC3EF5} 89488980 Device \Driver\usbuhci \Device\USBFDO-4 897BA1D8 Device \Driver\Ftdisk \Device\FtControl 8A6911D8 Device \Driver\usbuhci \Device\USBFDO-5 897BA1D8 Device \Driver\usbuhci \Device\USBFDO-6 897BA1D8 Device \Driver\usbehci \Device\USBFDO-7 89798440 Device \Driver\ax1mx89y \Device\Scsi\ax1mx89y1Port5Path0Target0Lun0 897581D8 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8A7021D8 Device \Driver\mv61xx \Device\Scsi\mv61xx1 8A7021D8 Device \Driver\ax1mx89y \Device\Scsi\ax1mx89y1 897581D8 Device \FileSystem\Cdfs \Cdfs 897C91D8 ---- Threads - GMER 1.0.14 ---- Thread 4:644 88706930 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -524526427 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1936860535 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\PROGRAMY\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x27 0x22 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEB 0x35 0xEC 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x68 0x2D 0x18 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\PROGRAMY\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x27 0x22 0x10 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEB 0x35 0xEC 0x17 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x68 0x2D 0x18 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@E:\Documents and Settings\All Users\Menu Start\Programy\Electronic Arts\Władca Pierścieni\xae - Podbój\x2122\ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Ac Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Ac@Order 0x08 0x00 0x00 0x00 ... ---- Files - GMER 1.0.14 ---- File E:\Documents and Settings\Szymon\Cookies\szymon@hotfile[1].txt 0 bytes File E:\Documents and Settings\Szymon\Recent\Atomic Erotix.lnk 567 bytes ---- EOF - GMER 1.0.14 ----
Please reply as quickly as possible.
Sevard Posted March 6, 2010
If it slowed down after installing NOD32, that's normal, because NOD is heavier than Avast!, but also more effective. I don't see anything in the logs. Scan the computer with Malwarebytes' Anti-Malware, Dr.Web CureIt! and a-squared Free. If there is something there, they should find it.
Szymon22 Posted March 13, 2010 (thread author)
Recently this icon appeared: Could it be some virus or something else? I'll add that the system was updating at the time, and after the next boot this file opened by itself.
Sevard Posted March 13, 2010
http://windows.microsoft.com/pl-pl/windows...r-choice-update
Szymon22 Posted March 24, 2010 (thread author)
I have several svchost.exe processes. Could this be caused by a virus?
Sevard Posted March 24, 2010
Yes, but not necessarily. svchost is used by various system services. Type the command tasklist /svc at the command prompt and paste here what it returns, and we'll see.
Szymon22 Posted March 24, 2010 (thread author)
Microsoft Windows XP [Wersja 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

E:\Documents and Settings\Szymon>tasklist /svc

Nazwa obrazu                 PID Usługi
========================= ====== =============================================
System Idle Process            0 Brak
System                         4 Brak
smss.exe                     784 Brak
csrss.exe                    852 Brak
winlogon.exe                 876 Brak
services.exe                 920 Eventlog, PlugPlay
lsass.exe                    932 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                 1100 DcomLaunch, TermService
svchost.exe                 1604 RpcSs
svchost.exe                 1852 AudioSrv, BITS, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, LanmanServer, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe                 1984 Dnscache
svchost.exe                  244 LmHosts, RemoteRegistry, SSDPSRV
spoolsv.exe                  508 Spooler
explorer.exe                1220 Brak
RTHDCPL.exe                 1372 Brak
SixEngine.exe               1392 Brak
rundll32.exe                1424 Brak
rundll32.exe                1668 Brak
GrooveMonitor.exe           1684 Brak
egui.exe                    1708 Brak
ctfmon.exe                  1712 Brak
ExprOElauncher.exe          1732 Brak
svchost.exe                 1780 WebClient
ekrn.exe                    1832 ekrn
jqs.exe                      232 JavaQuickStarterService
nvsvc32.exe                  316 NVSvc
PnkBstrA.exe                 476 PnkBstrA
PnkBstrB.exe                 560 PnkBstrB
StarWindService.exe         1336 StarWindService
svchost.exe                 1544 stisvc
wmiapsrv.exe                2176 WmiApSrv
alg.exe                     2640 ALG
Xfire.exe                   3836 Brak
IEXPLORE.EXE                2716 Brak
IEXPLORE.EXE                2852 Brak
IEXPLORE.EXE                4048 Brak
IEXPLORE.EXE                1036 Brak
IEXPLORE.EXE                2148 Brak
wmiprvse.exe                 256 Brak
cmd.exe                     3012 Brak
tasklist.exe                3848 Brak

E:\Documents and Settings\Szymon>
Sevard, posted March 24, 2010:

I don't see anything dangerous there.
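The check Sevard made by eye on the tasklist /svc output above can be scripted. The Python below is an added example written for this page, not code posted by anyone in the thread: it parses tasklist /svc text (including the wrapped continuation lines the real tool prints) and lists every svchost.exe instance whose Services column is empty. The Polish tasklist prints "Brak" in that column and the English one prints "N/A"; a genuine svchost.exe exists only to host services, so an instance with none is worth a closer look. The sample output is constructed from Szymon22's post with one invented svchost.exe row (PID 3999) added so the check has something to flag.

```python
"""Triage `tasklist /svc` output for svchost.exe instances that host no services.

Added example for this thread, not code posted by anyone in it. A flag here is
a triage hint, not proof of a keylogger: tasklist /svc does not show the image
path, so a flagged PID still needs its path and signer checked by hand.
"""
import re

# Constructed sample: rows taken from the output posted in the thread, plus one
# invented svchost.exe row (PID 3999) so that the check has something to flag.
SAMPLE_TASKLIST = """\
Nazwa obrazu                   PID Usługi
========================= ====== =============================================
System Idle Process            0 Brak
System                         4 Brak
smss.exe                     784 Brak
services.exe                 920 Eventlog, PlugPlay
lsass.exe                    932 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                 1100 DcomLaunch, TermService
svchost.exe                 1604 RpcSs
svchost.exe                 1852 AudioSrv, BITS, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem
svchost.exe                 1984 Dnscache
svchost.exe                  244 LmHosts, RemoteRegistry, SSDPSRV
explorer.exe                1220 Brak
svchost.exe                 1780 WebClient
svchost.exe                 1544 stisvc
svchost.exe                 3999 Brak
tasklist.exe                3848 Brak
"""

NO_SERVICES = {"Brak", "N/A"}  # tasklist's "no hosted services" marker (pl / en)
# image name, then the PID, then the (possibly empty) service list
ROW_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>.*)$")


def _split_services(text):
    return [s.strip() for s in text.split(",") if s.strip()]


def parse_tasklist(text):
    """Parse `tasklist /svc` text into a list of {image, pid, services} dicts.

    Long service lists wrap onto indented continuation lines; those are
    appended to the preceding row.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        if line.lower().startswith(("nazwa obrazu", "image name")):
            continue  # column header (Polish / English)
        if line[0].isspace():
            if rows:
                rows[-1]["services"].extend(_split_services(line))
            continue
        m = ROW_RE.match(line)
        if not m:
            continue
        svc_text = m.group("services").strip()
        services = [] if svc_text in NO_SERVICES else _split_services(svc_text)
        rows.append({"image": m.group("image"),
                     "pid": int(m.group("pid")),
                     "services": services})
    return rows


def svchost_without_services(rows):
    """Return PIDs of svchost.exe instances that host no service at all."""
    return [r["pid"] for r in rows
            if r["image"].lower() == "svchost.exe" and not r["services"]]


if __name__ == "__main__":
    rows = parse_tasklist(SAMPLE_TASKLIST)
    for pid in svchost_without_services(rows):
        print(f"svchost.exe PID {pid} hosts no services: check its image path and signer")
```

For a flagged PID the next step is to see where the binary really lives, for example with `wmic process where "name='svchost.exe'" get ProcessId,ExecutablePath`; a legitimate one runs from the system32 directory. Note also that a clean process list is not proof there is no keylogger: one implemented as a DLL loaded into a legitimate process or as a kernel driver does not show up as its own process, which is why a rootkit scan (GMER, as recommended later in this thread) is still worthwhile.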
Kwikhodron, posted May 11, 2010:

I think I have a keylogger on my PC. I'm pasting a HijackThis log and attaching a screenshot of the processes; I can't work anything out from them myself.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B41D5340-9ABB-4D2C-8E82-7183E8122202}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{B41D5340-9ABB-4D2C-8E82-7183E8122202}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{B41D5340-9ABB-4D2C-8E82-7183E8122202}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OBNOAATNZ - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\OBNOAATNZ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PVK - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\PVK.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

-- End of file - 7376 bytes
Sevard, posted May 11, 2010:

Start your own topic and attach a Malwarebytes' Anti-Malware log to it. Also download and run OTL, ticking the options Scan All Users, LOP Check and Purity Check, and tick the Use Safelist option under Extra registry. Paste both logs OTL generates. Then we'll see. A GMER log wouldn't hurt either.
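In a HijackThis log the O23 (service) lines are where a responder looks first, because a service starts before any user logs on and survives reboots. The Python below is an added example written for this page, not code from anyone in the thread or from HijackThis: it parses O23 lines and flags services whose executable is reported missing or lives under a user profile or a Temp directory, which is where droppers typically write themselves. A flag is a prompt for manual review, not a verdict; a stale "(file missing)" entry left behind by an uninstalled program looks exactly like the remnant of a cleaned-up infection. The sample input is constructed from a subset of the O23 lines in Kwikhodron's log, plus one O4 line to show that other entry types are ignored.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example for this thread, not code from anyone in it or from HijackThis.
A flagged service means "look at this by hand", not "this is malware".
"""
import re

# Constructed sample: O23 lines copied from the log posted above, plus one
# non-O23 line to show that other entries are ignored.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OBNOAATNZ - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\OBNOAATNZ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PVK - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\PVK.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"""

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# HijackThis puts the short service name in parentheses after the display name
SHORT_NAME_RE = re.compile(r"\((?P<name>[^()]+)\)$")
# user-profile roots in long and 8.3 short form, and any Temp directory
USER_PROFILE_RE = re.compile(r"^[A-Z]:\\(DOCUME~1|Documents and Settings|Users)\\", re.I)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.I)


def parse_o23(text):
    """Return a list of {name, display, owner, path, missing} for each O23 line."""
    entries = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        sn = SHORT_NAME_RE.search(display)
        entries.append({
            "name": sn.group("name") if sn else display,
            "display": display,
            "owner": m.group("owner"),
            "path": m.group("path"),
            "missing": m.group("missing") is not None,
        })
    return entries


def triage_o23(text):
    """Map service name -> reasons, for services that deserve a manual look.

    'Unknown owner' on its own is not a trigger (plenty of legitimate software
    ships unsigned binaries); it is recorded only alongside a stronger reason.
    """
    flagged = {}
    for e in parse_o23(text):
        reasons = []
        if e["missing"]:
            reasons.append("file-missing")
        if TEMP_DIR_RE.search(e["path"]):
            reasons.append("temp-path")
        if USER_PROFILE_RE.match(e["path"]):
            reasons.append("user-profile-path")
        if not reasons:
            continue
        if e["owner"].lower() == "unknown owner":
            reasons.append("unknown-owner")
        flagged[e["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_o23(SAMPLE_HJT).items():
        print(f"{name}: {', '.join(reasons)}")
```

On the sample this flags npggsvc (binary missing from system32), OBNOAATNZ and PVK (random-looking names, unsigned, registered from the user's Temp directory, binaries gone), while PnkBstrA is left alone despite its "Unknown owner". Whether the Temp-directory entries are dead registrations or evidence of something that ran and cleaned up after itself is exactly what the OTL and GMER logs Sevard asks for would help decide.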