ttestadura

Log Hijack


Please check this. For some time now I have been getting notifications that someone is posting sales offers on various sites such as allegro using my email address, and I started to wonder whether my computer has been turned into a bot in the meantime! Besides that, even though I am not doing anything and no "visible" application is running in the background (such as an antivirus scan etc.), about 1/4 of my RAM is in use non-stop. In my case that is about 500 MB.

 

Logfile of HijackThis v1.99.1

Scan saved at 03:20:53, on 2008-01-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\everestultimate300\everestultimate300\everest.bin

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Właściciel\Pulpit\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\everestultimate300\everestultimate300\everest.exe

O4 - Startup: Registration Silent Hunter III.LNK = X:\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E2B8D6C-BDCA-4F5C-B8D4-5AA9AE84DC0C}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{0E2B8D6C-BDCA-4F5C-B8D4-5AA9AE84DC0C}: NameServer = 194.204.159.1 217.98.63.164

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Internet Security Home Edition 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Edited by ttestadura


There are no more details, that is all: every now and then someone or something creates accounts on sites or portals, or posts small classified ads using my contact details, and roughly 25 percent of RAM is constantly in use.

 

Recently a notification came that on gumtree.pl some ku...... is selling Windows Vista and gave my email and the city I live in as contact details; only the first and last name were different.

 

 

 

 

ComboFix 08-01-20.1 - Waciciel 2008-01-21 10:05:58.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1586 [GMT 1:00]

Running from: C:\Documents and Settings\Waciciel\Pulpit\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\ffddfbacfc_g.dll

 

----- Unknown downloads made by BITS: ----

http://javadl.sun.com

.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))

.

 

2008-01-21 10:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-21 03:33 . 2008-01-20 13:27 1,152,188,744 --a------ C:\czysta formalnosc.mpg

2008-01-19 20:49 . 2008-01-19 22:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-01-19 01:20 . 2008-01-19 01:20 <DIR> d-------- C:\Program Files\GameShadow

2008-01-17 01:37 . 2007-12-10 13:37 6,775,412,670 --a------ C:\proc-cohof.rar

2008-01-17 01:37 . 2008-01-14 23:37 461,653,610 --a------ C:\Faces Of Death IV[fajaone] Fuck The pankracy[www.tnttorrentelite.info].rmvb

2008-01-17 01:37 . 2008-01-14 19:36 405,587,996 --a------ C:\Faces Of Death II .www.tnttorrentelite.info.rmvb

2008-01-17 01:37 . 2008-01-14 23:40 402,357,711 --a------ C:\Faces Of Death III [fajaone] Fuck The pankracy [www.tnttorrentelite.info].rmvb

2008-01-17 01:37 . 2008-01-14 02:01 244,533,216 --a------ C:\Faces Of Death V[fajaone] Fuck The pankracy[www.tnttorrentelite.info].rmvb

2008-01-15 23:47 . <DIR> C:\Documents and Settings\Właściciel\Dane aplikacji\GibbHill Properties Ltd

2008-01-13 20:17 . 2008-01-13 20:17 <DIR> d-------- C:\Program Files\AviSynth 2.5

2008-01-13 20:16 . 2008-01-15 00:21 <DIR> d-------- C:\Program Files\Easy RealMedia Tools

2008-01-13 20:16 . 2008-01-13 20:16 <DIR> d-------- C:\Program Files\AC3Filter

2008-01-13 20:16 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-01-13 19:24 . <DIR> C:\Documents and Settings\Właściciel\Dane aplikacji\Creative

2008-01-13 19:21 . 2008-01-13 19:21 <DIR> d-------- C:\Program Files\Real Alternative

2008-01-13 19:04 . 2008-01-13 19:04 <DIR> d--h----- C:\Program Files\Creative Installation Information

2008-01-13 19:04 . 2008-01-13 19:04 <DIR> d-------- C:\Program Files\Common Files\Creative

2008-01-13 19:04 . 1999-12-13 02:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE

2008-01-13 19:04 . 1999-11-18 02:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE

2008-01-13 19:02 . 2000-12-13 03:21 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2

2008-01-13 19:02 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE

2008-01-13 06:52 . 1999-09-22 08:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2

2008-01-13 06:52 . 2005-07-07 09:14 1,389,056 -ra------ C:\WINDOWS\system32\drivers\P17.sys

2008-01-13 06:52 . 2005-06-13 06:03 137,728 -ra------ C:\WINDOWS\system32\P17res.dll

2008-01-13 06:52 . 2005-06-27 11:37 133,632 --a------ C:\WINDOWS\system32\CtDvInst.dll

2008-01-13 06:52 . 2005-05-03 12:38 64,512 --a------ C:\WINDOWS\system32\P17.dll

2008-01-13 06:52 . 2003-10-02 11:48 53,248 -ra------ C:\WINDOWS\system32\P17CPI.dll

2008-01-13 06:39 . 2008-01-13 06:39 29 --a------ C:\WINDOWS\sfbm.INI

2008-01-11 08:05 . 2008-01-11 08:05 <DIR> d-------- C:\WINDOWS\Close Combat Cross of Iron

2008-01-11 07:47 . 2008-01-11 07:47 <DIR> d-------- C:\WINDOWS\42AC0AAAEC164B84B09E53F01146A5D1.TMP

2008-01-11 07:46 . 2008-01-11 07:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BufferZone

2008-01-11 03:29 . 2008-01-11 03:29 <DIR> d-------- C:\Program Files\BitComet

2008-01-11 03:29 . 2008-01-17 01:56 <DIR> d-------- C:\Downloads

2008-01-11 02:56 . 2008-01-11 02:56 <DIR> d-------- C:\Program Files\XviD

2008-01-11 02:56 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-01-11 02:39 . 2008-01-11 02:43 <DIR> d-------- C:\Program Files\Softstunt RM RMVB Converter

2008-01-08 02:16 . 2008-01-08 02:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

2008-01-06 18:50 . 2008-01-11 03:57 <DIR> d-------- C:\divx

2008-01-05 15:21 . 2008-01-05 15:21 <DIR> d-------- C:\Program Files\CCleaner

2008-01-05 15:13 . 2008-01-05 15:14 <DIR> d-------- C:\Program Files\autorunss

2008-01-05 03:07 . 2008-01-05 03:07 <DIR> d-------- C:\WINDOWS\system32\windows media

2008-01-05 03:07 . 2008-01-05 03:07 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-01-05 01:50 . 2008-01-05 01:50 360,576 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-01-04 22:59 . 2008-01-04 22:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-01-04 22:59 . 2008-01-04 22:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-01-04 22:58 . 2008-01-04 22:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 22:58 . 2008-01-04 22:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-01-04 22:58 . 2008-01-04 22:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-01-04 22:56 . 2008-01-04 22:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 22:56 . 2008-01-04 22:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2008-01-04 21:12 . 2008-01-04 21:12 <DIR> d-------- C:\Program Files\Ss-Tools

2008-01-04 21:06 . 2008-01-04 21:06 <DIR> d-------- C:\Program Files\NT Registry Optimizer

2008-01-01 12:42 . 2008-01-05 15:07 2,298 --a------ C:\WINDOWS\TSCTNDBG.INI

2007-12-27 14:01 . 2007-12-27 14:01 <DIR> d-------- C:\Program Files\Microsoft Games

2007-12-26 13:09 . 2007-12-26 13:09 <DIR> d-------- C:\Program Files\Google

2007-12-26 13:09 . <DIR> C:\Documents and Settings\Właściciel\Dane aplikacji\Google

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 09:09 16,902,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-21 09:08 1,060,896 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-01-20 09:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-01-20 09:22 233,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-20 09:22 104,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-01-19 00:21 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-16 05:47 --------- d-----w C:\Program Files\eMule

2008-01-13 18:24 --------- d-----w C:\Program Files\Creative

2008-01-11 07:13 155,995 ----a-w C:\WINDOWS\Java\Packages\WDJL39BZ.ZIP

2008-01-11 02:42 --------- d-----w C:\Program Files\DivX

2008-01-11 01:49 --------- d-----w C:\Program Files\EWKS2008

2008-01-11 01:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-01-06 22:05 --------- d-s---w C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft

2008-01-05 01:36 --------- d-----w C:\Program Files\Futuremark

2008-01-05 00:50 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-30 20:17 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Adobe

2007-12-23 12:29 --------- d-----w C:\Program Files\Gadu-Gadu

2007-12-20 18:29 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2007-12-20 14:52 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll

2007-12-12 20:32 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2007-11-30 23:30 --------- d-----w C:\Program Files\PC Connectivity Solution

2007-11-30 23:30 --------- d-----w C:\Program Files\DIFX

2007-11-30 23:30 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\PC Suite

2007-11-30 23:30 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Nokia

2007-11-30 23:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

2007-11-30 23:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations

2007-11-28 22:59 --------- d-----w C:\Program Files\Folder Lock

2007-11-28 22:55 --------- d-----w C:\Program Files\Debugging Tools for Windows

2007-11-27 11:58 --------- d-----w C:\Program Files\Paragon Software

2007-11-24 02:19 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\AdobeUM

2007-11-24 02:17 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-16 10:32 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-11-16 05:56 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-11-16 05:56 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-11-15 06:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-09 20:03 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys

2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EVEREST AutoStart"="C:\Program Files\everestultimate300\everestultimate300\everest.exe" [2006-06-27 23:00 47104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]

"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-01-29 23:02 200768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56 159800]

"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll]

"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

 

C:\Documents and Settings\Waciciel\Menu Start\Programy\Autostart\

Registration Silent Hunter III.LNK - X:\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe [2003-11-06 17:42:02 864256]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-17 19:16:53 1205840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Remote Controller.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk

backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Scheduler.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Scheduler.lnk

backup=C:\WINDOWS\pss\Scheduler.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2006-03-02 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]

--a------ 2007-03-03 13:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

 

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-08-16 18:42]

R0 NoDevice;A virtual encrypted disk;C:\WINDOWS\system32\DRIVERS\ved.sys [2007-06-21 14:17]

R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 22:48]

R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2002-02-22 13:36]

R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2002-02-22 13:36]

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\everestultimate300\everestultimate300\kerneld.wnt [2006-06-27 23:00]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

 

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-21 10:09:18

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

disk error: C:\WINDOWS\

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]

"ImagePath"="\??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\catchme.sys"

.

Completion time: 2008-01-21 10:16:20

ComboFix-quarantined-files.txt 2008-01-21 09:15:27

 

 

s[snip!]........ got into my account somehow, because I have now checked these notifications and it turned out that all of them were activated from my email address.

 

He must have got into my computer and probably used password autofill (damn it, I was stupid to have that turned on).

 

What should I do now? After all, using my data this someone could get me into a real mess.....

 

I have now also found a car sale offer on gratka.pl linked to my email address.

This topic has been closed. No further replies can be added.

