AppName: cssrss.exe ModName: user32.dll
After turning the computer on and logging in to Windows XP, I get this message:
[URL=http://img185.imageshack.us/my.php?image=40542776ae1.jpg][IMG]http://img185.imageshack.us/img185/9284/40542776ae1.th.jpg[/IMG][/URL] [URL=http://img185.imageshack.us/my.php?image=74358684du6.jpg][IMG]http://img185.imageshack.us/img185/5606/74358684du6.th.jpg[/IMG][/URL]
Logfile of HijackThis v1.99.1
Scan saved at 14:16:26, on 2008-01-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programy\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
D:\Programy\DAEMON Tools\daemon.exe
D:\Programy\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\MICROS~3\rapimgr.exe
D:\Programy\Avant Browser\avant.exe
C:\totalcmd\TOTALCMD.EXE
D:\BAZA\Spy\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programy\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\Programy\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\Programy\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - D:\Programy\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - D:\Programy\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - D:\Programy\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - D:\Programy\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"Silent Runners.vbs", revision 38, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ZoneAlarm Client" = ""d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "D:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {CLSID}\InProcServer32\(Default) = "d:\Programy\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Robson\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\PHAETO~1.SCR" (Phaeton..scr) [null data]
Startup items in "Robson" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\Robson\Menu Start\Programy\Autostart
"OpenOffice.ux.pl 2.1.0" -> shortcut to: "C:\Program Files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe" [null data]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Skrót do ipconfig" -> shortcut to: "C:\WINDOWS\system32\ipconfig.exe /renew" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = "StylerToolBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Styler\TB\StylerTB.dll" ["StyleFantasist"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
: ˙ţ[ V e r s i o n ]
: S i g n a t u r e = " $ C H I C A G O $ "
: A d v a n c e d I N F = 2 . 5 , " Y o u n e e d a n e w v e r s i o n o f a d v p a c k . d l l "
:
: [ R e s t o r e H o m e P a g e ]
: A d d R e g = R e s t o r e H o m e P a g e . r e g
:
: [ R e s t o r e B r o w s e r S e t t i n g s ]
: A d d R e g = R e s t o r e B r o w s e r S e t t i n g s . r e g
: D e l R e g = D e l e t e T e m p l a t e s . r e g , D e l e t e A u t o s e a r c h . r e g
:
: [ R e s t o r e H o m e P a g e . r e g ]
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S t a r t P a g e " , 0 , % S T A R T _ P A G E _ U R L %
:
: [ R e s t o r e B r o w s e r S e t t i n g s . r e g ]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ P a g e _ U R L " , 0 , % S T A R T _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ S e a r c h _ U R L " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 1 " , 0 , " w w w . % s . c o m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 2 " , 0 , " w w w . % s . o r g "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 3 " , 0 , " w w w . % s . n e t "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 4 " , 0 , " w w w . % s . e d u "
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
:
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ S e a r c h U r l " , " P r o v i d e r " , 0 , " "
:
: t m "
: t m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s \ S a f e S i t e s " , % S A F E S I T E _ V A L U E % , 0 , " h t t p : / / i e . s e a r c h . m s n . c o m / * "
:
: [ D e l e t e T e m p l a t e s . r e g ]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 5 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 6 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 7 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 8 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 9 "
:
: [ D e l e t e A u t o s e a r c h . r e g ]
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " A u t o S e a r c h "
:
: [ S t r i n g s ]
: S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
: S E A R C H _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & a r = i e s e a r c h "
: S A F E S I T E _ V A L U E = " i e . s e a r c h . m s n . c o m "
:
: ; I M P O R T A N T N O T E :
: ; I E b r a n d i n g d l l ( i e d k c s 3 2 . d l l ) u s e s t h e f o l l o w i n g e n t r i e s t o r e s t o r e t h e d e f a u l t M S v a l u e s .
: ; I n t h e v a n i l l a v e r s i o n o f I E , t h e v a l u e s m u s t b e t h e s a m e a s t h e i r c o r r e s p o n d i n g n o n M S _ * v a l u e s .
: ; F o r e x a m p l e , S T A R T _ P A G E _ U R L a n d M S _ S T A R T _ P A G E _ U R L m u s t h a v e t h e s a m e U R L i n t h e I E v e r s i o n r e l e a s e d b y M S .
: M S _ S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
:
Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
Maybe one of you knows what the problem is?
Robert.
Replies: 5
Has the situation improved after this removal?
.
ComboFix 08-01-20.1 - Robson 2008-01-22 21:07:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.566 [GMT 1:00]
Running from: D:\BAZA\Spy\ComboFix.exe
Command switches used :: D:\BAZA\Spy\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\system32\1GfIUz.syz
C:\WINDOWS\system32\4Vr0GH.syz
C:\WINDOWS\system32\6HZNPy.syz
C:\WINDOWS\system32\8UWq9d.syz
C:\WINDOWS\system32\auxqbJ.syz
C:\WINDOWS\system32\DBlbFy.syz
C:\WINDOWS\system32\FjhdeK.syz
C:\WINDOWS\system32\FN47Ko.syz
C:\WINDOWS\system32\FsbAZ8.syz
C:\WINDOWS\system32\gWPrvK.syz
C:\WINDOWS\system32\hCAYdW.syz
C:\WINDOWS\system32\hPuILO.syz
C:\WINDOWS\system32\jnVDWn.syz
C:\WINDOWS\system32\JpfGJi.syz
C:\WINDOWS\system32\nAtAJ9.syz
C:\WINDOWS\system32\nMm8fS.syz
C:\WINDOWS\system32\ozHJfv.syz
C:\WINDOWS\system32\pc17dh.syz
C:\WINDOWS\system32\Pt7G0c.syz
C:\WINDOWS\system32\rq8US5.syz
C:\WINDOWS\system32\sII8tn.syz
C:\WINDOWS\system32\t4g5U9.syz
C:\WINDOWS\system32\tw2g2f.syz
C:\WINDOWS\system32\UjGfIy.syz
C:\WINDOWS\system32\UrLOhm.syz
C:\WINDOWS\system32\xVYl3a.syz
C:\WINDOWS\system32\YvWtgJ.syz
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\system32\1GfIUz.syz
C:\WINDOWS\system32\4Vr0GH.syz
C:\WINDOWS\system32\6HZNPy.syz
C:\WINDOWS\system32\8UWq9d.syz
C:\WINDOWS\system32\auxqbJ.syz
C:\WINDOWS\system32\DBlbFy.syz
C:\WINDOWS\system32\FjhdeK.syz
C:\WINDOWS\system32\FN47Ko.syz
C:\WINDOWS\system32\FsbAZ8.syz
C:\WINDOWS\system32\gWPrvK.syz
C:\WINDOWS\system32\hCAYdW.syz
C:\WINDOWS\system32\hPuILO.syz
C:\WINDOWS\system32\jnVDWn.syz
C:\WINDOWS\system32\JpfGJi.syz
C:\WINDOWS\system32\nAtAJ9.syz
C:\WINDOWS\system32\nMm8fS.syz
C:\WINDOWS\system32\ozHJfv.syz
C:\WINDOWS\system32\pc17dh.syz
C:\WINDOWS\system32\Pt7G0c.syz
C:\WINDOWS\system32\rq8US5.syz
C:\WINDOWS\system32\sII8tn.syz
C:\WINDOWS\system32\t4g5U9.syz
C:\WINDOWS\system32\tw2g2f.syz
C:\WINDOWS\system32\UjGfIy.syz
C:\WINDOWS\system32\UrLOhm.syz
C:\WINDOWS\system32\xVYl3a.syz
C:\WINDOWS\system32\YvWtgJ.syz
.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
2008-01-22 20:21 . 2008-01-22 20:21 d-------- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
2008-01-21 21:14 . 2008-01-21 21:15 309 --a------ C:\WINDOWS\wcx_ftp.ini
2008-01-20 13:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 13:07 . 2008-01-20 13:07 d-------- C:\Program Files\Lavalys
2008-01-19 01:47 . 2008-01-19 01:47 d-------- C:\Program Files\Damian Pasternak
2008-01-15 14:51 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_10021.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1148.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1141.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1148.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1141.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20273.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20106.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20273.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20106.nls
2008-01-15 11:50 . 2008-01-15 11:50 18,448 --a------ C:\WINDOWS\system32can4d
2008-01-15 11:47 . 2008-01-22 20:20 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Canon
2008-01-13 04:20 . 2008-01-15 01:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-10 18:46 . 2008-01-10 18:46 d-------- C:\Program Files\PITy
2008-01-10 18:39 . 2008-01-10 18:39 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Ahead
2008-01-10 18:35 . 2008-01-10 18:35 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-08 15:28 . 2008-01-08 15:35 d-------- C:\Program Files\ArcaMicroScan
2008-01-07 13:42 . 2008-01-07 13:42 d-------- C:\Program Files\Nero
2008-01-07 13:42 . 2008-01-07 14:04 d-------- C:\Program Files\Common Files\Ahead
2008-01-07 11:25 . 2008-01-19 01:56 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Azureus
2008-01-06 12:07 . 2008-01-20 10:51 d-------- C:\Documents and Settings\Robson\Dane aplikacji\skypePM
2008-01-06 12:07 . 2008-01-06 12:07 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-06 12:06 . 2008-01-20 15:06 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Skype
2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Skype
2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Common Files\Skype
2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-03 21:27 . 2008-01-03 21:27 d---s---- C:\Documents and Settings\Robson\UserData
2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Teleca
2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Sony Ericsson
2008-01-02 11:01 . 2008-01-02 11:01 d-------- C:\Program Files\MSXML 4.0
2008-01-01 11:28 . 2008-01-01 11:28 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Media Player Classic
2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Sony Ericsson
2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-01 11:17 . 2008-01-01 11:17 d-------- C:\WINDOWS\Downloaded Installations
2008-01-01 11:16 . 2008-01-01 11:18 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-01 11:16 . 2008-01-01 11:16 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Program Files\Media Player Classic
2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-01-01 11:11 . 2006-09-01 16:14 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-01 11:11 . 2006-09-01 16:14 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-12-25 23:24 . 2007-12-25 23:24 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-25 23:24 . 2007-12-25 23:24 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-12-25 23:24 . 2007-12-25 23:24 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2007-12-25 23:13 . 2008-01-01 11:21 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Teleca
2007-12-25 23:10 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2007-12-25 23:09 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2007-12-25 23:09 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2007-12-25 23:09 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2007-12-25 23:09 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2007-12-25 23:08 . 2008-01-01 11:19 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 23:07 . 2008-01-01 11:19 d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-25 23:07 . 2007-12-25 23:07 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Sony Ericsson
2007-12-25 22:51 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 22:48 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-12-25 22:48 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-12-25 22:48 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2007-12-25 22:48 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2007-12-25 22:48 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-12-25 22:43 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-25 22:43 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
2007-12-25 22:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\Robson\Dane aplikacji\ScanSoft
2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard
2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir
2007-12-25 22:32 . 2007-12-25 22:32 512 --a------ C:\WINDOWS\MAXLINK.INI
2007-12-25 22:31 . 2004-09-07 01:39 557,056 --a------ C:\WINDOWS\system32\CNCC110.DLL
2007-12-25 22:31 . 2002-05-24 04:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-12-25 22:31 . 2004-08-27 08:10 94,208 --a------ C:\WINDOWS\system32\CNCL110.DLL
2007-12-25 22:31 . 2004-09-07 01:38 90,112 --a------ C:\WINDOWS\system32\CNCI110.DLL
2007-12-25 22:31 . 2004-09-07 01:51 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-12-25 22:30 . 2007-12-25 22:33 d-------- C:\Program Files\Canon
2007-12-25 20:09 . 2007-12-25 20:09 d-------- C:\WINDOWS\Sun
2007-12-25 20:07 . 2007-12-25 22:37 d-------- C:\Program Files\Java
2007-12-25 20:07 . 2007-12-25 20:07 d-------- C:\Program Files\Common Files\Java
2007-12-23 20:31 . 2007-12-23 20:31 d---s---- C:\Documents and Settings\Mama\UserData
2007-12-23 20:21 . 2007-12-23 20:21 d-------- C:\Documents and Settings\Mama\Dane aplikacji\OpenOffice.ux.pl2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 20:09 16,627,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-22 20:08 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Avant Browser
2008-01-22 19:40 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\OpenOffice.ux.pl2
2008-01-22 15:50 197,252 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 18:31 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Avant Browser
2008-01-20 13:10 38,535 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_20_13_22_39_small.dmp.zip
2007-12-25 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TomTom
2007-12-18 18:30 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\InstallShield
2007-12-16 21:19 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.2.0
2007-12-16 17:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-16 17:06 --------- d-----w C:\Program Files\ZoneAlarmSB
2007-12-15 17:04 --------- d-----w C:\Program Files\VIA Technologies, INC
2007-12-15 17:02 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Gadu-Gadu
2007-12-15 17:00 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Gadu-Gadu
2007-12-15 16:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-15 16:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2007-12-15 15:41 --------- d-----w C:\Program Files\VIA
2007-12-15 15:40 --------- d-----w C:\Program Files\Alwil Software
2007-12-15 15:17 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-15 15:13 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-15 15:10 --------- d-----w C:\Program Files\Usługi online
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_14.06.36.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 12:19:53 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 20:07:12 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 12:19:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 20:07:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 12:19:53 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-22 20:07:12 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 12:19:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 20:07:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 12:19:53 4,067,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-22 20:07:12 4,067,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 12:19:53 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 20:07:12 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 19:13:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_480.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-16 18:06 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 18:06 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="D:\Programy\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:57 1289000]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"ZoneAlarm Client"="d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OpwareSE2"="D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DAEMON Tools"="d:\Programy\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]
R3 AN983;Karta ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-25 23:24]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 21:10:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-22 21:11:35
ComboFix-quarantined-files.txt 2008-01-22 20:11:31
ComboFix2.txt 2008-01-20 13:07:07
.
2008-01-09 06:37:49 --- E O F ---
ComboFix removed that "cssrss.exe".
But the log shows a lot of strange files with the unknown extension [b]*.syz[/b] - all of them have the same size.
That is very suspicious.
Paste into [b]Notepad[/b]:
[CODE]
File::
C:\WINDOWS\system32\pc17dh.syz
C:\WINDOWS\system32\nAtAJ9.syz
C:\WINDOWS\system32\6HZNPy.syz
C:\WINDOWS\system32\nMm8fS.syz
C:\WINDOWS\system32\xVYl3a.syz
C:\WINDOWS\system32\tw2g2f.syz
C:\WINDOWS\system32\hCAYdW.syz
C:\WINDOWS\system32\hPuILO.syz
C:\WINDOWS\system32\sII8tn.syz
C:\WINDOWS\system32\gWPrvK.syz
C:\WINDOWS\system32\FN47Ko.syz
C:\WINDOWS\system32\UjGfIy.syz
C:\WINDOWS\system32\auxqbJ.syz
C:\WINDOWS\system32\JpfGJi.syz
C:\WINDOWS\system32\UrLOhm.syz
C:\WINDOWS\system32\1GfIUz.syz
C:\WINDOWS\system32\rq8US5.syz
C:\WINDOWS\system32\ozHJfv.syz
C:\WINDOWS\system32\4Vr0GH.syz
C:\WINDOWS\system32\YvWtgJ.syz
C:\WINDOWS\system32\FsbAZ8.syz
C:\WINDOWS\system32\Pt7G0c.syz
C:\WINDOWS\system32\jnVDWn.syz
C:\WINDOWS\system32\DBlbFy.syz
C:\WINDOWS\system32\8UWq9d.syz
C:\WINDOWS\system32\t4g5U9.syz
C:\WINDOWS\system32\FjhdeK.syz
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
[/code]
[b]>>File>>Save as... >>> [color=red]CFScript[/color][/b]
Drag and drop the file [color=red][b]CFScript.txt[/b][/color] onto [b]ComboFix.exe[/b]
– as shown in this picture [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]
The removal should start (and a log will be created).
[b]After the restart[/b], manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].
Post the log that is created during the removal.
.
ComboFix 08-01-20.1 - Robson 2008-01-20 13:49:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.617 [GMT 1:00]
Running from: D:\BAZA\Spy\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cssrss.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.
2008-01-20 13:47 . 2008-01-20 13:47 4,992 --a------ C:\WINDOWS\system32\pc17dh.syz
2008-01-20 13:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 13:07 . 2008-01-20 13:07 d-------- C:\Program Files\Lavalys
2008-01-20 13:05 . 2008-01-20 13:05 4,992 --a------ C:\WINDOWS\system32\nAtAJ9.syz
2008-01-20 12:18 . 2008-01-20 12:18 4,992 --a------ C:\WINDOWS\system32\6HZNPy.syz
2008-01-20 11:30 . 2008-01-20 11:30 4,992 --a------ C:\WINDOWS\system32\nMm8fS.syz
2008-01-20 10:50 . 2008-01-20 10:50 4,992 --a------ C:\WINDOWS\system32\xVYl3a.syz
2008-01-19 14:48 . 2008-01-19 14:48 4,992 --a------ C:\WINDOWS\system32\tw2g2f.syz
2008-01-19 14:02 . 2008-01-19 14:02 4,992 --a------ C:\WINDOWS\system32\hCAYdW.syz
2008-01-19 11:18 . 2008-01-19 11:18 4,992 --a------ C:\WINDOWS\system32\hPuILO.syz
2008-01-19 10:28 . 2008-01-19 10:28 4,992 --a------ C:\WINDOWS\system32\sII8tn.syz
2008-01-19 09:51 . 2008-01-19 09:51 4,992 --a------ C:\WINDOWS\system32\gWPrvK.syz
2008-01-19 01:47 . 2008-01-19 01:47 d-------- C:\Program Files\Damian Pasternak
2008-01-19 00:24 . 2008-01-19 00:24 4,992 --a------ C:\WINDOWS\system32\FN47Ko.syz
2008-01-18 18:56 . 2008-01-18 18:56 4,992 --a------ C:\WINDOWS\system32\UjGfIy.syz
2008-01-18 17:27 . 2008-01-18 17:27 4,992 --a------ C:\WINDOWS\system32\auxqbJ.syz
2008-01-18 16:41 . 2008-01-18 16:41 4,992 --a------ C:\WINDOWS\system32\JpfGJi.syz
2008-01-18 12:35 . 2008-01-18 12:35 4,992 --a------ C:\WINDOWS\system32\UrLOhm.syz
2008-01-17 23:16 . 2008-01-17 23:16 4,992 --a------ C:\WINDOWS\system32\1GfIUz.syz
2008-01-17 21:18 . 2008-01-17 21:18 4,992 --a------ C:\WINDOWS\system32\rq8US5.syz
2008-01-17 19:27 . 2008-01-17 19:27 4,992 --a------ C:\WINDOWS\system32\ozHJfv.syz
2008-01-17 16:20 . 2008-01-17 16:20 4,992 --a------ C:\WINDOWS\system32\4Vr0GH.syz
2008-01-17 12:55 . 2008-01-17 12:55 4,992 --a------ C:\WINDOWS\system32\YvWtgJ.syz
2008-01-17 12:01 . 2008-01-17 12:01 4,992 --a------ C:\WINDOWS\system32\FsbAZ8.syz
2008-01-17 01:14 . 2008-01-17 01:14 4,992 --a------ C:\WINDOWS\system32\Pt7G0c.syz
2008-01-16 23:36 . 2008-01-16 23:36 4,992 --a------ C:\WINDOWS\system32\jnVDWn.syz
2008-01-16 23:32 . 2008-01-16 23:32 4,992 --a------ C:\WINDOWS\system32\DBlbFy.syz
2008-01-16 21:50 . 2008-01-16 21:50 4,992 --a------ C:\WINDOWS\system32\8UWq9d.syz
2008-01-16 14:05 . 2008-01-16 14:05 4,992 --a------ C:\WINDOWS\system32\t4g5U9.syz
2008-01-15 18:06 . 2008-01-15 18:06 4,992 --a------ C:\WINDOWS\system32\FjhdeK.syz
2008-01-15 14:51 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_10021.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1148.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1141.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1148.nls
2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1141.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20273.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20106.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20273.nls
2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20106.nls
2008-01-15 11:50 . 2008-01-15 11:50 18,448 --a------ C:\WINDOWS\system32can4d
2008-01-15 11:47 . 2008-01-15 11:55 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Canon
2008-01-13 04:20 . 2008-01-15 01:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-10 18:46 . 2008-01-10 18:46 d-------- C:\Program Files\PITy
2008-01-10 18:39 . 2008-01-10 18:39 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Ahead
2008-01-10 18:35 . 2008-01-10 18:35 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-08 15:28 . 2008-01-08 15:35 d-------- C:\Program Files\ArcaMicroScan
2008-01-07 13:42 . 2008-01-07 13:42 d-------- C:\Program Files\Nero
2008-01-07 13:42 . 2008-01-07 14:04 d-------- C:\Program Files\Common Files\Ahead
2008-01-07 11:25 . 2008-01-19 01:56 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Azureus
2008-01-06 12:07 . 2008-01-20 10:51 d-------- C:\Documents and Settings\Robson\Dane aplikacji\skypePM
2008-01-06 12:07 . 2008-01-06 12:07 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-06 12:06 . 2008-01-20 11:00 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Skype
2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Skype
2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Common Files\Skype
2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-03 21:27 . 2008-01-03 21:27 d---s---- C:\Documents and Settings\Robson\UserData
2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Teleca
2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Sony Ericsson
2008-01-02 11:01 . 2008-01-02 11:01 d-------- C:\Program Files\MSXML 4.0
2008-01-01 11:28 . 2008-01-01 11:28 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Media Player Classic
2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Sony Ericsson
2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-01 11:17 . 2008-01-01 11:17 d-------- C:\WINDOWS\Downloaded Installations
2008-01-01 11:16 . 2008-01-01 11:18 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-01 11:16 . 2008-01-01 11:16 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Program Files\Media Player Classic
2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-01-01 11:11 . 2006-09-01 16:14 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-01 11:11 . 2006-09-01 16:14 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-12-25 23:24 . 2007-12-25 23:24 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-25 23:24 . 2007-12-25 23:24 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-12-25 23:24 . 2007-12-25 23:24 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2007-12-25 23:13 . 2008-01-01 11:21 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Teleca
2007-12-25 23:10 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2007-12-25 23:09 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2007-12-25 23:09 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2007-12-25 23:09 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2007-12-25 23:09 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2007-12-25 23:08 . 2008-01-01 11:19 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 23:07 . 2008-01-01 11:19 d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-25 23:07 . 2007-12-25 23:07 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Sony Ericsson
2007-12-25 22:51 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 22:48 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-12-25 22:48 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-12-25 22:48 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2007-12-25 22:48 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2007-12-25 22:48 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-12-25 22:43 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 12:52 180,092 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-20 12:52 15,169,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-20 12:50 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Avant Browser
2008-01-20 12:22 2,761,216 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-20 12:22 1,561,600 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-20 11:04 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Avant Browser
2008-01-19 17:52 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\OpenOffice.ux.pl2
2007-12-25 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TomTom
2007-12-18 18:30 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\InstallShield
2007-12-16 21:19 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.2.0
2007-12-16 17:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-16 17:06 --------- d-----w C:\Program Files\ZoneAlarmSB
2007-12-15 17:04 --------- d-----w C:\Program Files\VIA Technologies, INC
2007-12-15 17:02 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Gadu-Gadu
2007-12-15 17:00 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Gadu-Gadu
2007-12-15 16:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-15 16:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2007-12-15 15:41 --------- d-----w C:\Program Files\VIA
2007-12-15 15:40 --------- d-----w C:\Program Files\Alwil Software
2007-12-15 15:17 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-15 15:13 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-15 15:10 --------- d-----w C:\Program Files\Usługi online
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-16 18:06 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 18:06 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="D:\Programy\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:57 1289000]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"ZoneAlarm Client"="d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OpwareSE2"="D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DAEMON Tools"="d:\Programy\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]
R3 AN983;Karta ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-25 23:24]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 14:05:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 14:07:06 - machine was rebooted [Robson]
ComboFix-quarantined-files.txt 2008-01-20 13:07:01
.
2008-01-09 06:37:49 --- E O F ---
It works :)
Damn, I don't see it in the logs, or I'm blind, but that is malware.
Also show the ComboFix log.
Moving the topic to the Security section.