Pride Napisano 7 Marca 2009 Zgłoś Napisano 7 Marca 2009 (edytowane) Witam. Od wczoraj PC zaczął się dziwnie zachowywać. Tzn. uruchamia się normalnie, ale przy pojawieniu się pulpitu tak jakby się zawiesza. Mogę ruszać myszką i... no właśnie to wszystko. Nic innego nie mogę zrobić. Zainstalowałem wiec NOD 32 (który wykrył trojany 2fil.bat - lecz ich nie usunął, a jedynie poddał kwarantannie). Zrobiłem także logi. Oto rezultat: » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "HijackThis v2.0.2" Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:39:47, on 2009-03-07Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\office keyboard driver\Hotkey.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\RALINK\Common\ApUI.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\GIGABYTE\EnergySaver\GSvr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Mateusz\Pulpit\HiJackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dllO2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [GEST] m‘|\üO4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Hotkey] C:\Program Files\office keyboard driver\Hotkey.exeO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"O4 - HKCU\..\Run: [Auto EPSON Stylus DX7400 Series na SLAVE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S261.tmp" /EF "HKCU"O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /SO4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\ApUI.exeO8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe--End of file - 6687 bytes oraz: » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "ComboFix" ComboFix 09-03-06.01 - Mateusz 2009-03-07 12:45:23.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1583 [GMT 1:00]Uruchomiony z: c:\documents and settings\Mateusz\Pulpit\ComboFix.exeAV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracaniaUWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).C:\2.batC:\autorun.infc:\windows\system32\nmdfgds0.dllc:\windows\system32\nmdfgds1.dllc:\windows\system32\olhrwef.exec:\windows\system32\pthreadGC2.dllD:\2.batD:\Autorun.infE:\2.batE:\Autorun.infF:\2.batF:\Autorun.infG:\2.batG:\Autorun.infH:\2.batH:\Autorun.inf.((((((((((((((((((((((((( Pliki utworzone od 2009-02-07 do 2009-03-07 ))))))))))))))))))))))))))))))).2009-03-07 11:03 . 2009-03-07 11:03 <DIR> d-------- c:\program files\ESET2009-03-07 11:03 . 2009-03-07 11:03 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET2009-03-04 19:32 . 2009-03-04 19:35 <DIR> d-------- c:\program files\LineAge Utils2009-03-04 16:27 . 2009-03-04 16:27 <DIR> d-------- c:\program files\OpenAL2009-03-02 17:13 . 2009-03-04 22:06 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP2009-03-01 21:14 . 2009-03-01 21:14 <DIR> d-------- c:\documents and settings\Mateusz\Dane aplikacji\Uniblue2009-03-01 15:33 . 2007-04-23 15:54 108,680 -ra------ c:\windows\system32\drivers\s115mdm.sys2009-03-01 15:33 . 2007-04-23 15:54 100,488 -ra------ c:\windows\system32\drivers\s115mgmt.sys2009-03-01 15:33 . 2007-04-23 15:54 98,568 -ra------ c:\windows\system32\drivers\s115obex.sys2009-03-01 15:33 . 2007-04-23 15:54 83,208 -ra------ c:\windows\system32\drivers\s115bus.sys2009-03-01 15:33 . 2007-04-23 15:54 15,112 -ra------ c:\windows\system32\drivers\s115mdfl.sys2009-03-01 15:33 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115whnt.sys2009-03-01 15:33 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115wh.sys2009-03-01 15:33 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cmnt.sys2009-03-01 15:33 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cm.sys2009-03-01 15:32 . 2009-03-01 15:35 <DIR> d-------- c:\documents and settings\Mateusz\Dane aplikacji\Teleca2009-03-01 15:29 . 2009-03-02 15:35 <DIR> d-------- c:\program files\Common Files\Teleca Shared2009-03-01 15:29 . 2009-03-01 15:29 <DIR> d-------- c:\documents and settings\Mateusz\Dane aplikacji\Sony Ericsson2009-03-01 15:24 . 2005-02-11 10:21 89,872 --a------ c:\windows\system32\drivers\k750mdm.sys2009-03-01 15:24 . 2005-02-11 10:22 81,728 --a------ c:\windows\system32\drivers\k750mgmt.sys2009-03-01 15:24 . 2005-02-11 10:24 79,488 --a------ c:\windows\system32\drivers\k750obex.sys2009-03-01 15:24 . 2005-02-11 10:19 55,216 --a------ c:\windows\system32\drivers\k750bus.sys2009-03-01 15:24 . 2005-02-11 10:21 6,576 --a------ c:\windows\system32\drivers\k750mdfl.sys2009-03-01 15:24 . 2005-02-11 10:24 6,144 --a------ c:\windows\system32\drivers\k750cmnt.sys2009-03-01 15:24 . 2005-02-11 10:24 6,144 --a------ c:\windows\system32\drivers\k750cm.sys2009-03-01 15:24 . 2005-02-11 10:19 5,744 --a------ c:\windows\system32\drivers\k750whnt.sys2009-03-01 15:24 . 2005-02-11 10:19 5,744 --a------ c:\windows\system32\drivers\k750wh.sys2009-02-27 14:29 . 2009-02-27 14:29 <DIR> d-------- c:\program files\office keyboard driver2009-02-26 09:17 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll2009-02-26 09:17 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll2009-02-26 09:17 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui2009-02-25 20:22 . 2009-02-25 20:22 <DIR> d---s---- c:\documents and settings\Mateusz\UserData2009-02-25 18:25 . 2009-03-05 12:12 <DIR> d-------- c:\documents and settings\Mateusz\Tracing2009-02-25 15:55 . 2009-02-25 15:55 <DIR> d-------- c:\program files\Windows Live SkyDrive2009-02-25 15:55 . 2009-02-25 15:55 <DIR> d-------- c:\program files\Microsoft2009-02-25 15:54 . 2009-02-25 15:55 <DIR> d-------- c:\program files\Windows Live2009-02-25 15:49 . 2009-02-25 15:49 <DIR> d-------- c:\program files\Common Files\Windows Live2009-02-24 09:19 . 2009-02-24 09:19 <DIR> d-------- c:\windows\system32\LogFiles2009-02-23 20:44 . 2009-02-23 20:44 21,419 --a------ c:\windows\system32\drivers\AegisP.sys2009-02-23 20:43 . 2009-02-23 20:43 <DIR> d-------- c:\program files\RALINK2009-02-23 20:43 . 2007-07-28 16:10 483,968 --a------ c:\windows\system32\drivers\rt61.sys2009-02-23 20:42 . 2009-02-23 20:42 <DIR> d-------- c:\program files\Common Files\SWF Studio2009-02-23 17:30 . 2009-02-23 17:30 <DIR> d-------- c:\windows\Sun2009-02-23 17:12 . 2009-02-23 17:12 <DIR> d-------- c:\program files\Java2009-02-23 17:12 . 2009-02-23 17:12 410,984 --a------ c:\windows\system32\deploytk.dll2009-02-23 17:12 . 2009-02-23 17:12 73,728 --a------ c:\windows\system32\javacpl.cpl2009-02-17 13:22 . 2009-02-17 13:22 33,808 --a------ c:\windows\system32\drivers\klbg.sys2009-02-17 13:18 . 2009-02-17 13:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-02-14 11:37 . 2001-10-26 18:27 1,817,687 --a--c--- c:\windows\system32\dllcache\bckgres.dll2009-02-14 11:37 . 2001-10-26 18:28 753,236 --a--c--- c:\windows\system32\dllcache\rvseres.dll2009-02-14 11:37 . 2001-10-26 18:29 82,501 --a--c--- c:\windows\system32\dllcache\bckg.dll2009-02-14 11:37 . 2001-10-26 18:29 48,706 --a--c--- c:\windows\system32\dllcache\rvse.dll2009-02-14 11:37 . 2001-10-26 18:29 42,577 --a--c--- c:\windows\system32\dllcache\bckgzm.exe2009-02-14 11:37 . 2001-10-26 18:30 42,574 --a--c--- c:\windows\system32\dllcache\rvsezm.exe2009-02-14 11:05 . 2008-04-14 22:51 124,928 --------- c:\windows\system32\mplay32.exe2009-02-14 11:05 . 2006-12-29 00:31 19,569 --a------ c:\windows\[u]0[/u]00001_.tmp2009-02-13 21:11 . 2009-02-13 21:11 <DIR> d-------- c:\program files\Windows Resource Kits2009-02-13 20:13 . 2009-02-22 11:35 <DIR> d-------- c:\documents and settings\Mateusz\Dane aplikacji\uTorrent2009-02-11 21:59 . 2009-03-04 19:51 53,312 --a------ c:\windows\system32\drivers\pssdklbf.sys2009-02-11 21:59 . 2009-03-04 19:51 36,928 --a------ c:\windows\system32\drivers\pssdk40.sys2009-02-11 21:59 . 2009-03-04 22:06 2,756 --a------ c:\windows\l2control.ini2009-02-11 15:27 . 2009-02-11 15:27 <DIR> d-------- c:\documents and settings\Mateusz\.gstreamer-0.102009-02-10 22:02 . 2009-03-05 12:42 <DIR> d-------- c:\program files\Nowe Gadu-Gadu2009-02-10 22:02 . 2009-03-05 12:43 <DIR> d-------- c:\documents and settings\Mateusz\Dane aplikacji\Nowe Gadu-Gadu2009-02-07 16:15 . 2009-02-07 16:15 56 --a------ c:\windows\Kulki.ini.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-03-07 11:47 16,608 ----a-w c:\windows\gdrv.sys2009-03-06 15:53 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\U32009-03-04 15:27 413,696 ----a-w c:\windows\system32\wrap_oal.dll2009-03-04 15:27 110,592 ----a-w c:\windows\system32\OpenAL32.dll2009-03-03 17:25 --------- d-----w c:\program files\mIRC2009-02-27 13:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help2009-02-24 14:05 --------- d--h--w c:\program files\InstallShield Installation Information2009-02-23 09:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TrackMania2009-02-23 08:09 --------- d-----w c:\program files\ffdshow2009-02-15 14:32 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\Ventrilo2009-02-11 17:44 --------- d-----w c:\program files\FlashGet2009-02-11 16:18 --------- d-----w c:\program files\EWB5122009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll2009-02-06 13:24 93,336 ----a-w c:\windows\system32\drivers\epfwtdir.sys2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys2009-02-05 21:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI2009-02-05 21:46 --------- d-----w c:\program files\ATI Technologies2009-02-05 21:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Fallout32009-02-05 21:12 --------- d-----w c:\program files\MSBuild2009-02-05 21:10 --------- d-----w c:\program files\Reference Assemblies2009-02-05 17:29 98,304 ----a-w c:\windows\system32\CmdLineExt.dll2009-02-05 15:58 --------- d-----w c:\program files\Common Files\Adobe2009-02-04 20:41 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\EPSON2009-02-04 20:37 --------- d-----w c:\program files\EPSON2009-02-04 20:36 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\EPSON2009-02-04 16:19 --------- d-----w c:\program files\ALLPlayer2009-02-04 16:12 --------- d-----w c:\program files\Bonjour2009-02-04 16:09 --------- d-----w c:\program files\Common Files\Macrovision Shared2009-02-04 16:03 --------- d-----w c:\program files\Microsoft.NET2009-02-04 16:03 --------- d-----w c:\program files\Microsoft Works2009-02-04 16:02 --------- d-----w c:\program files\Microsoft Visual Studio 82009-02-04 15:58 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\Nero2009-02-04 15:57 --------- d-----w c:\program files\Nero2009-02-04 15:57 --------- d-----w c:\program files\Common Files\Nero2009-02-04 15:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero2009-02-04 15:53 216,064 ----a-w c:\windows\iun3405.exe2009-02-04 15:52 --------- d-----w c:\program files\Common Files\Adobe AIR2009-02-04 15:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft2009-02-04 15:45 --------- d-----w c:\program files\Lavasoft2009-02-04 15:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard2009-02-04 15:44 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\ABBYY2009-02-04 15:40 --------- d-----w c:\program files\ABBYY FineReader 9.02009-02-04 15:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ABBYY2009-02-04 15:33 --------- d-----w c:\program files\DAEMON Tools Lite2009-02-04 15:32 717,296 ----a-w c:\windows\system32\drivers\sptd.sys2009-02-04 15:32 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\DAEMON Tools2009-02-03 20:30 --------- d-----w c:\program files\Winamp2009-02-03 20:30 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\Winamp2009-02-03 20:12 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\Gadu-Gadu2009-02-03 20:09 --------- d-----w c:\program files\Ventrilo2009-02-03 20:07 737,280 ----a-w c:\windows\iun6002.exe2009-02-03 20:07 --------- d-----w c:\program files\FireTune2009-02-03 20:04 --------- d-----w c:\program files\Gadu-Gadu2009-02-03 18:04 --------- d-----w c:\program files\uTorrent2009-02-03 18:04 --------- d-----w c:\program files\RevConnect2009-02-03 17:06 --------- d-----w c:\program files\Common Files\InstallShield2009-02-03 17:01 --------- d-----w c:\program files\Realtek2009-02-03 17:01 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\InstallShield2009-02-03 17:00 315,392 ----a-w c:\windows\HideWin.exe2009-02-03 16:57 --------- d-----w c:\program files\Intel2009-02-03 16:57 --------- d-----w c:\program files\Browser Configuration Utility2009-02-03 16:56 --------- d-----w c:\program files\GIGABYTE2009-02-03 16:51 --------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\ATI2009-02-03 16:36 --------- d-----w c:\program files\microsoft frontpage2009-02-03 16:35 --------- d-----w c:\program files\Usługi online.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"EPSON Stylus DX7400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 182272]"Auto EPSON Stylus DX7400 Series na SLAVE"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 182272][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GEST"="m‘|\ü" [X]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 148888]"Hotkey"="c:\program files\office keyboard driver\Hotkey.exe" [2007-06-13 217088]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 c:\windows\RTHDCPL.exe]"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\ApUI.exe [2009-02-23 462848][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]autocheck lsdelete[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"FirewallOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\FlashGet\\flashget.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-02-03 80392]S1 ntiomin;ntiomin; [x]S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2009-02-11 36928]S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2009-02-11 53312]S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2009-03-01 83208]S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2009-03-01 15112]S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2009-03-01 108680]S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2009-03-01 100488]S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2009-03-01 98568].- - - - USUNIĘTO PUSTE WPISY - - - -HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exeHKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exeMSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe.------- Skan uzupełniający -------.uInternet Settings,ProxyOverride = *.localIE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htmIE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htmIE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\yp0estbp.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/FF - plugin: c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\yp0estbp.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-03-07 12:47:39Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(1004)c:\windows\system32\Ati2evxx.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\windows\system32\ati2evxx.exec:\program files\Lavasoft\Ad-Aware\aawservice.exec:\windows\system32\ati2evxx.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\wdfmgr.exec:\windows\system32\wbem\wmiapsrv.exe.**************************************************************************.Czas ukończenia: 2009-03-07 12:48:43 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2009-03-07 11:48:40Przed: 17 807 044 608 bajtów wolnychPo: 18,427,727,872 bajtów wolnych268 --- E O F --- 2009-02-27 13:33:28 Edytowane 7 Marca 2009 przez Pride Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach More sharing options...
Kolobos Napisano 7 Marca 2009 Zgłoś Napisano 7 Marca 2009 Podlacz wszystkie zainfekowane nosniki i uzyj Flash Disinfector. Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach More sharing options...
