s3in Posted 14 May 2008 (edited)

Yo, I have the following problems:
- I start downloading a movie, e.g. overnight. When I play it after the download finishes, often only about 75% of it is there; the time bar keeps running to the end of the movie, but the picture/sound does not.
- For some time now, some of the songs on my computer that used to work can no longer be played; they fail with the error "Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct."
- Terrible internet lag, warping in games.

I suspect that at least some of these problems are related to some viruses / spyware. I'm pasting the HijackThis log; if you need logs from anything else, let me know.

Regards

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:36, on 2008-05-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0606B7-53E0-48AC-8550-3504E2D019F3}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - D:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6116 bytes

Edited 16 May 2008 by XaD_
s3in Posted 14 May 2008 (edited)

ComboFix

ComboFix 08-05-12.1 - Sejn 2008-05-15 0:13:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.562 [GMT 2:00]
Running from: C:\Documents and Settings\Sejn\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 23:03 . 2008-05-12 23:04 <DIR> d-------- C:\WINDOWS\NV13242528.TMP
2008-05-12 23:03 . 2008-04-30 23:32 181,927 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-12 21:21 . 2008-05-12 21:21 <DIR> d-------- C:\Program Files\Google
2008-05-10 14:51 . 2008-05-10 14:51 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Avg8
2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 22:45 . 2008-05-06 22:45 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Program Files\AVG
2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\AVGTOOLBAR
2008-05-05 22:43 . 2008-05-06 21:53 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\GanymedeNet
2008-05-05 22:42 . 2008-05-05 22:43 <DIR> d-------- C:\Program Files\Ganymede
2008-05-05 18:54 . 2008-05-05 18:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-05 15:24 . 2008-05-05 15:24 <DIR> d-------- C:\WINDOWS\SoftR
2008-05-04 11:45 . 2008-05-14 18:14 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\Draco Organizer
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-04-17 15:23 . 2008-02-12 12:46 285,912 --------- C:\WINDOWS\system32\cfosspeed.dll
2008-04-17 09:38 . 2008-04-17 09:38 <DIR> d-------- C:\Program Files\marbit
2008-04-16 12:03 . 2008-03-20 09:23 263,384 --a------ C:\WINDOWS\system32\drivers\cfosbc.sys
2008-04-16 10:30 . 2008-05-06 22:18 <DIR> d-------- C:\Program Files\SkanerOnline
2008-04-16 09:52 . 2008-04-16 09:52 <DIR> d-------- C:\WINDOWS\Sun
2008-04-16 09:52 . 2008-04-16 10:29 <DIR> d-------- C:\Documents and Settings\Sejn\.housecall6.6
2008-04-16 09:47 . 2008-04-16 09:47 <DIR> d-------- C:\Program Files\Java
2008-04-16 09:47 . 2008-03-25 00:07 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-16 09:44 . 2008-04-16 09:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-15 06:31 . 2008-04-15 06:31 <DIR> d-------- C:\Program Files\Elfin
2008-04-14 21:12 . 2008-04-14 21:12 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\ICQ Toolbar
2008-04-14 19:22 . 2008-04-14 19:22 249,856 --------- C:\WINDOWS\Setup1.exe
2008-04-14 19:22 . 2008-04-14 19:22 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 17:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-14 17:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-14 00:27 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\uTorrent
2008-05-12 13:11 --------- d-----w C:\Program Files\DScaler
2008-04-23 15:19 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 16:34 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\mIRC
2008-04-17 14:11 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-04-17 14:11 --------- d-----w C:\Program Files\mnProjects
2008-04-17 14:11 --------- d-----w C:\Program Files\ICQToolbar
2008-04-16 18:28 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-16 04:59 --------- dc--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-15 04:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 04:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-14 16:51 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-10 19:28 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\ICQ
2008-04-04 15:45 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-04-03 13:17 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-03 13:15 --------- d-----w C:\Program Files\MSBuild
2008-04-03 13:15 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 19:10 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-30 18:32 --------- d-----w C:\Program Files\uTorrent
2008-03-27 16:33 --------- d-----w C:\Program Files\Reflex
2008-03-25 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 17:07 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InterTrust
2008-03-24 17:46 --------- d-----w C:\Program Files\eMule
2008-03-23 15:19 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-03-20 16:26 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Media Player Classic
2008-03-17 21:05 --------- d-----w C:\Program Files\Damian Pasternak
2008-03-17 20:17 --------- d-----w C:\Program Files\ChrisTV PVR
2008-03-17 20:13 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-17 20:13 --------- d-----w C:\Program Files\WinFast
2008-03-17 20:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-03-17 20:00 --------- d-----w C:\Program Files\C-Media
2008-03-17 19:57 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InstallShield
2008-03-17 18:01 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Talkback
2008-03-17 18:00 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Gadu-Gadu
2008-03-17 17:22 --------- d-----w C:\Program Files\SAGEM
2008-03-17 17:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-17 16:47 --------- d-----w C:\Program Files\A4Tech
2008-03-17 15:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-17 15:35 --------- d-----w C:\Program Files\Usługi online
2008-03-17 15:32 --------- d-----w C:\Program Files\Windows Media Connect 2
2001-11-23 12:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-30 23:32 13529088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 01:58 144784]
"nwiz"="nwiz.exe" [2008-04-30 23:32 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-30 23:32 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-16 20:28:08 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2002-07-12 18:33 1581056 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
--a------ 2008-02-11 13:31 275456 C:\Program Files\ChrisTV PVR\ChrisTV_Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2005-12-14 16:14 176128 C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2005-09-30 06:48 319488 D:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"Spooler"=2 (0x2)
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)
"UPS"=3 (0x3)
"SCardSvr"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableOvverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 10:04]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 10:04]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10:04]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 08:33]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 08:37]
S2 NetTimeSvc;NetTime;D:\Program Files\NetTime\NeTmSvNT.exe [2000-12-31 14:42]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 20:38]
S3 WFIOCTL;WFIOCTL;D:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 14:25]

*Newly Created Service* - CATCHME
*Newly Created Service* - PNKBSTRK
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 00:14:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 0:15:48
ComboFix-quarantined-files.txt 2008-05-14 22:15:43

Pre-Run: 2,720,980,992 bajtów wolnych
Post-Run: 2,733,273,088 bajtów wolnych

190

Edited 16 May 2008 by XaD_
s3in Opublikowano 15 Maja 2008 Zgłoś Opublikowano 15 Maja 2008 (edytowane) » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:45:17, on 2008-05-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE D:\Program Files\NetTime\NeTmSvNT.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Gadu-Gadu\gg.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] 
C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing) O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0606B7-53E0-48AC-8550-3504E2D019F3}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: NetTime (NetTimeSvc) - Subjective Software - D:\Program Files\NetTime\NeTmSvNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 4646 bytes » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - ComboFix ComboFix 08-05-12.1 - Sejn 2008-05-15 20:47:00.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.647 [GMT 2:00] Running from: C:\Documents and Settings\Sejn\Pulpit\ComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))) . 2008-05-15 14:24 . 2008-05-15 14:24 <DIR> d----c--- C:\_OTMoveIt 2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 23:03 . 2008-05-12 23:04 <DIR> d-------- C:\WINDOWS\NV13242528.TMP 2008-05-12 23:03 . 2008-04-30 23:32 181,927 --a------ C:\WINDOWS\system32\nvapps.nvb 2008-05-12 21:21 . 2008-05-12 21:21 <DIR> d-------- C:\Program Files\Google 2008-05-10 14:51 . 2008-05-10 14:51 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Avg8 2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Lavasoft 2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-06 22:45 . 2008-05-06 22:45 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! 
Companion 2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Program Files\AVG 2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\AVGTOOLBAR 2008-05-05 22:43 . 2008-05-06 21:53 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\GanymedeNet 2008-05-05 22:42 . 2008-05-05 22:43 <DIR> d-------- C:\Program Files\Ganymede 2008-05-05 18:54 . 2008-05-05 18:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-05-05 15:24 . 2008-05-05 15:24 <DIR> d-------- C:\WINDOWS\SoftR 2008-05-04 11:45 . 2008-05-15 14:37 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\Draco Organizer 2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe 2008-04-17 15:23 . 2008-02-12 12:46 285,912 --------- C:\WINDOWS\system32\cfosspeed.dll 2008-04-17 09:38 . 2008-04-17 09:38 <DIR> d-------- C:\Program Files\marbit 2008-04-16 12:03 . 2008-03-20 09:23 263,384 --a------ C:\WINDOWS\system32\drivers\cfosbc.sys 2008-04-16 10:30 . 2008-05-06 22:18 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-16 09:52 . 2008-04-16 09:52 <DIR> d-------- C:\WINDOWS\Sun 2008-04-16 09:52 . 2008-04-16 10:29 <DIR> d-------- C:\Documents and Settings\Sejn\.housecall6.6 2008-04-16 09:47 . 2008-04-16 09:47 <DIR> d-------- C:\Program Files\Java 2008-04-16 09:47 . 2008-03-25 00:07 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-16 09:44 . 2008-04-16 09:44 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-15 06:31 . 2008-04-15 06:31 <DIR> d-------- C:\Program Files\Elfin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-15 12:33 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-15 12:33 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-05-14 00:27 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\uTorrent 2008-05-12 13:11 --------- d-----w C:\Program Files\DScaler 2008-04-23 15:19 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-04-17 16:34 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\mIRC 2008-04-17 14:11 --------- d-----w C:\Program Files\RivaTuner v2.08 2008-04-17 14:11 --------- d-----w C:\Program Files\mnProjects 2008-04-17 14:11 --------- d-----w C:\Program Files\ICQToolbar 2008-04-16 18:28 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-04-16 04:59 --------- dc--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-15 04:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-15 04:30 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-14 19:12 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\ICQ Toolbar 2008-04-14 17:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-04-14 17:22 249,856 ------w C:\WINDOWS\Setup1.exe 2008-04-14 16:51 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2008-04-10 19:28 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\ICQ 2008-04-04 15:45 37,888 ----a-w C:\WINDOWS\system32\rar.exe 2008-04-03 13:17 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-04-03 13:15 --------- d-----w C:\Program Files\MSBuild 2008-04-03 13:15 --------- d-----w C:\Program Files\Microsoft Works 2008-04-01 19:10 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-03-30 18:32 --------- d-----w C:\Program Files\uTorrent 2008-03-27 16:33 --------- d-----w C:\Program Files\Reflex 2008-03-25 17:08 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-25 17:07 --------- d-----w C:\Documents and 
Settings\Sejn\Dane aplikacji\InterTrust 2008-03-24 17:46 --------- d-----w C:\Program Files\eMule 2008-03-23 15:19 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-03-20 16:26 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Media Player Classic 2008-03-17 21:05 --------- d-----w C:\Program Files\Damian Pasternak 2008-03-17 20:17 --------- d-----w C:\Program Files\ChrisTV PVR 2008-03-17 20:13 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 2008-03-17 20:13 --------- d-----w C:\Program Files\WinFast 2008-03-17 20:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2008-03-17 20:00 --------- d-----w C:\Program Files\C-Media 2008-03-17 19:57 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InstallShield 2008-03-17 18:01 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Talkback 2008-03-17 18:00 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Gadu-Gadu 2008-03-17 17:22 --------- d-----w C:\Program Files\SAGEM 2008-03-17 17:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-03-17 16:47 --------- d-----w C:\Program Files\A4Tech 2008-03-17 15:38 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 6.0 2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-17 15:35 --------- d-----w C:\Program Files\Usługi online 2008-03-17 15:32 --------- d-----w C:\Program Files\Windows Media Connect 2 2001-11-23 12:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-05-15_ 0.15.36,01 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-14 16:07:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-15 18:35:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-30 23:32 13529088]
"nwiz"="nwiz.exe" [2008-04-30 23:32 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-30 23:32 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-16 20:28:08 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2002-07-12 18:33 1581056 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
--a------ 2008-02-11 13:31 275456 C:\Program Files\ChrisTV PVR\ChrisTV_Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2005-12-14 16:14 176128 C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2005-09-30 06:48 319488 D:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"Spooler"=2 (0x2)
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)
"UPS"=3 (0x3)
"SCardSvr"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableOvverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 10:04]
R2 NetTimeSvc;NetTime;D:\Program Files\NetTime\NeTmSvNT.exe [2000-12-31 14:42]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 10:04]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10:04]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 08:33]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 08:37]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 20:38]
S3 WFIOCTL;WFIOCTL;D:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 14:25]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:48:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-15 20:49:15
ComboFix-quarantined-files.txt 2008-05-15 18:49:11
ComboFix2.txt 2008-05-14 22:15:49
Pre-Run: 2,751,344,640 bajtów wolnych
Post-Run: 2,743,304,192 bajtów wolnych
191

And in SDFix: 0 hidden processes, etc.
Edited 16 May 2008 by XaD_
s3in Posted 18 May 2008
Still the same ;/ Any ideas?
Manhunt Posted 18 May 2008 (edited)
Do you use IE? If not, remove:
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
Select them and click "Fix Checked".
Edited 18 May 2008 by ManhunT666
s3in Posted 18 May 2008
Anything else?

"Combofix log"
ComboFix 08-05-15.3 - Sejn 2008-05-18 16:37:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.622 [GMT 2:00]
Running from: C:\Documents and Settings\Sejn\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 16:33 . 2008-05-13 02:57 <DIR> d----c--- C:\SDFix
2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 23:03 . 2008-05-12 23:04 <DIR> d-------- C:\WINDOWS\NV13242528.TMP
2008-05-12 23:03 . 2008-04-30 23:32 181,927 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-12 21:21 . 2008-05-12 21:21 <DIR> d-------- C:\Program Files\Google
2008-05-10 14:51 . 2008-05-10 14:51 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Avg8
2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 22:45 . 2008-05-06 22:45 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Program Files\AVG
2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\AVGTOOLBAR
2008-05-05 22:43 . 2008-05-06 21:53 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\GanymedeNet
2008-05-05 22:42 . 2008-05-05 22:43 <DIR> d-------- C:\Program Files\Ganymede
2008-05-05 18:54 . 2008-05-05 18:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-05 15:24 . 2008-05-05 15:24 <DIR> d-------- C:\WINDOWS\SoftR
2008-05-04 11:45 . 2008-05-18 11:53 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\Draco Organizer
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 13:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-18 13:30 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-16 22:41 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\uTorrent
2008-05-12 13:11 --------- d-----w C:\Program Files\DScaler
2008-05-06 20:18 --------- d-----w C:\Program Files\SkanerOnline
2008-04-23 15:19 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 16:34 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\mIRC
2008-04-17 14:11 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-04-17 14:11 --------- d-----w C:\Program Files\mnProjects
2008-04-17 14:11 --------- d-----w C:\Program Files\ICQToolbar
2008-04-17 07:38 --------- d-----w C:\Program Files\marbit
2008-04-16 18:28 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-16 07:47 --------- d-----w C:\Program Files\Java
2008-04-16 07:44 --------- d-----w C:\Program Files\Common Files\Java
2008-04-16 04:59 --------- dc--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-15 04:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 04:31 --------- d-----w C:\Program Files\Elfin
2008-04-15 04:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-14 19:12 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\ICQ Toolbar
2008-04-14 17:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-14 17:22 249,856 ------w C:\WINDOWS\Setup1.exe
2008-04-14 16:51 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-10 19:28 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\ICQ
2008-04-04 15:45 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-04-03 13:17 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-03 13:15 --------- d-----w C:\Program Files\MSBuild
2008-04-03 13:15 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 19:10 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-30 18:32 --------- d-----w C:\Program Files\uTorrent
2008-03-27 16:33 --------- d-----w C:\Program Files\Reflex
2008-03-25 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 17:07 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InterTrust
2008-03-24 17:46 --------- d-----w C:\Program Files\eMule
2008-03-23 15:19 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-03-20 16:26 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Media Player Classic
2008-03-20 07:23 263,384 ----a-w C:\WINDOWS\system32\drivers\cfosbc.sys
2008-03-17 17:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2001-11-23 12:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-30 23:32 13529088]
"nwiz"="nwiz.exe" [2008-04-30 23:32 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-30 23:32 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-16 20:28:08 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2002-07-12 18:33 1581056 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
--a------ 2008-02-11 13:31 275456 C:\Program Files\ChrisTV PVR\ChrisTV_Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2005-12-14 16:14 176128 C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2005-09-30 06:48 319488 D:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"Spooler"=2 (0x2)
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)
"UPS"=3 (0x3)
"SCardSvr"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableOvverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 10:04]
R2 NetTimeSvc;NetTime;D:\Program Files\NetTime\NeTmSvNT.exe [2000-12-31 14:42]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 10:04]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10:04]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 08:33]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 08:37]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 20:38]
S3 WFIOCTL;WFIOCTL;D:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 14:25]

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 16:38:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-18 16:39:59
ComboFix-quarantined-files.txt 2008-05-18 14:39:54
ComboFix2.txt 2008-05-15 18:49:16
Pre-Run: 2,687,102,976 bajtów wolnych
Post-Run: 2,722,418,688 bajtów wolnych
168

"Hijackthis log"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:28, on 2008-05-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\NetTime\NeTmSvNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0606B7-53E0-48AC-8550-3504E2D019F3}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - D:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 3517 bytes
sebekk Posted 18 May 2008 (edited)
In HJT, fix:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
8O
Edited 20 May 2008 by sebekk
s3in Posted 18 May 2008

"SDFIX log"
SDFix: Version 1.182
Run by Administrator on 2008-05-18 at 16:53
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found
Removing Temp Files

ADS Check :

Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 16:56:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\The All-Seeing Eye\\eye.exe"="D:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\ICQ6\\ICQ.exe"="D:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!
ULLISSES Posted 18 May 2008
As for this: O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') etc., I would restart the computer. RunOnce runs once and then disappears from the list on its own.
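The two checks the replies above make by eye, a BHO whose file is missing ("(no file)") and RunOnce values that are expected to clear themselves after running, written as an added Python example (not part of the thread or of HijackThis). SCAN_A reuses lines from the 18 May HijackThis log above; SCAN_B is a constructed follow-up scan, and all function names are assumptions made for illustration.

```python
import re

# SCAN_A: lines copied from the HijackThis log of 2008-05-18 posted in this thread.
SCAN_A = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# SCAN_B: constructed follow-up scan (NOT from the thread), used only to show the comparison.
SCAN_B = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
"""

# O2 line: name, CLSID, then the DLL path or the literal "(no file)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 registry autostart line: hive, optional profile (SID or .DEFAULT), Run/RunOnce key,
# value name in brackets, command, optional "(User '...')" suffix.
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<profile>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)


def parse_log(text):
    """Return (bhos, autoruns) parsed from O2 and O4 registry lines; other lines are skipped."""
    bhos, autoruns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
    return bhos, autoruns


def orphaned_bhos(bhos):
    """CLSIDs of BHOs that are still registered although HijackThis found no file for them."""
    return [b["clsid"] for b in bhos if b["target"] == "(no file)"]


def autorun_id(entry):
    """Identity of an autostart value: hive, profile, key and value name."""
    return (entry["hive"], entry["profile"] or "", entry["key"], entry["name"])


def runonce_ids(autoruns):
    """Identities of all RunOnce (and RunOnceEx) values in a parsed scan."""
    return {autorun_id(a) for a in autoruns if a["key"].lower().startswith("runonce")}


def compare_runonce(earlier, later):
    """Split the earlier scan's RunOnce values into (cleared, still_present) in the later scan."""
    before = runonce_ids(parse_log(earlier)[1])
    after = runonce_ids(parse_log(later)[1])
    return sorted(before - after), sorted(before & after)


if __name__ == "__main__":
    bhos, autoruns = parse_log(SCAN_A)
    print("orphaned BHO CLSIDs:", orphaned_bhos(bhos))
    cleared, still_present = compare_runonce(SCAN_A, SCAN_B)
    print("RunOnce values cleared between scans:", cleared)
    print("RunOnce values still registered:", still_present)
```

A RunOnce value that is still listed in a later scan has not been run and deleted for that profile, so it is the one to re-check or fix by hand.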
s3in Posted 18 May 2008
OK XaD, I'm deleting the folder now, I'll put the service pack on overnight, and instead of WMP I installed foobar2000. Which audio codec pack would be best?