AppName: cssrss.exe ModName: user32.dll

After turning on the computer and logging in to Windows XP, I get this message: http://img185.imageshack.us/my.php?image=40542776ae1.jpg http://img185.imageshack.us/my.php?image=74358684du6.jpg

Logfile of HijackThis v1.99.1 Scan saved at 14:16:26, on 2008-01-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Programy\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe D:\Programy\DAEMON Tools\daemon.exe D:\Programy\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Programy\MICROS~3\rapimgr.exe D:\Programy\Avant Browser\avant.exe C:\totalcmd\TOTALCMD.EXE D:\BAZA\Spy\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - 
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [OpwareSE2] "D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools] "d:\Programy\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programy\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\Programy\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\Programy\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Otwórz w nowym Avant Browser - D:\Programy\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... 
- D:\Programy\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Podświetl - D:\Programy\Avant Browser\Highlight.htm O8 - Extra context menu item: Szukaj - D:\Programy\Avant Browser\Search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MICROS~3\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe "Silent Runners.vbs", revision 38, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "ZoneAlarm Client" = ""d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "D:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext 
Class" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] 
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan" -> {CLSID}\InProcServer32\(Default) = "d:\Programy\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop"Wallpaper" = "C:\Documents and Settings\Robson\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop"SCRNSAVE.EXE" = "C:\WINDOWS\PHAETO~1.SCR" (Phaeton..scr) [null data] Startup items in "Robson" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\Robson\Menu Start\Programy\Autostart "OpenOffice.ux.pl 2.1.0" -> shortcut to: "C:\Program Files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe" [null data] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Skrót do ipconfig" -> shortcut to: "C:\WINDOWS\system32\ipconfig.exe /renew" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], 
(at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = "StylerToolBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Styler\TB\StylerTB.dll" ["StyleFantasist"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}"ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): Missing lines (compared with English-language version): [Version]: 2 lines [RestoreHomePage]: 1 line [RestoreHomePage.reg]: 1 line [RestoreBrowserSettings.reg]: 12 lines [DeleteTemplates.reg]: 5 lines [DeleteAutosearch.reg]: 1 line [Strings]: 1 line [RestoreBrowserSettings]: 2 lines [Strings]: 3 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ----------

Maybe one of you knows what the problem is? Robert.

Replies: 5

Did the situation improve after this removal?
morda
Added
25.01.2008 13:06:51
ComboFix 08-01-20.1 - Robson 2008-01-22 21:07:51.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.566 [GMT 1:00] Running from: D:\BAZA\Spy\ComboFix.exe Command switches used :: D:\BAZA\Spy\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\Internet Logs\xDB1.tmp C:\WINDOWS\Internet Logs\xDB2.tmp C:\WINDOWS\system32\1GfIUz.syz C:\WINDOWS\system32\4Vr0GH.syz C:\WINDOWS\system32\6HZNPy.syz C:\WINDOWS\system32\8UWq9d.syz C:\WINDOWS\system32\auxqbJ.syz C:\WINDOWS\system32\DBlbFy.syz C:\WINDOWS\system32\FjhdeK.syz C:\WINDOWS\system32\FN47Ko.syz C:\WINDOWS\system32\FsbAZ8.syz C:\WINDOWS\system32\gWPrvK.syz C:\WINDOWS\system32\hCAYdW.syz C:\WINDOWS\system32\hPuILO.syz C:\WINDOWS\system32\jnVDWn.syz C:\WINDOWS\system32\JpfGJi.syz C:\WINDOWS\system32\nAtAJ9.syz C:\WINDOWS\system32\nMm8fS.syz C:\WINDOWS\system32\ozHJfv.syz C:\WINDOWS\system32\pc17dh.syz C:\WINDOWS\system32\Pt7G0c.syz C:\WINDOWS\system32\rq8US5.syz C:\WINDOWS\system32\sII8tn.syz C:\WINDOWS\system32\t4g5U9.syz C:\WINDOWS\system32\tw2g2f.syz C:\WINDOWS\system32\UjGfIy.syz C:\WINDOWS\system32\UrLOhm.syz C:\WINDOWS\system32\xVYl3a.syz C:\WINDOWS\system32\YvWtgJ.syz . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\WINDOWS\Internet Logs\xDB1.tmp C:\WINDOWS\Internet Logs\xDB2.tmp C:\WINDOWS\system32\1GfIUz.syz C:\WINDOWS\system32\4Vr0GH.syz C:\WINDOWS\system32\6HZNPy.syz C:\WINDOWS\system32\8UWq9d.syz C:\WINDOWS\system32\auxqbJ.syz C:\WINDOWS\system32\DBlbFy.syz C:\WINDOWS\system32\FjhdeK.syz C:\WINDOWS\system32\FN47Ko.syz C:\WINDOWS\system32\FsbAZ8.syz C:\WINDOWS\system32\gWPrvK.syz C:\WINDOWS\system32\hCAYdW.syz C:\WINDOWS\system32\hPuILO.syz C:\WINDOWS\system32\jnVDWn.syz C:\WINDOWS\system32\JpfGJi.syz C:\WINDOWS\system32\nAtAJ9.syz C:\WINDOWS\system32\nMm8fS.syz C:\WINDOWS\system32\ozHJfv.syz C:\WINDOWS\system32\pc17dh.syz C:\WINDOWS\system32\Pt7G0c.syz C:\WINDOWS\system32\rq8US5.syz C:\WINDOWS\system32\sII8tn.syz C:\WINDOWS\system32\t4g5U9.syz C:\WINDOWS\system32\tw2g2f.syz C:\WINDOWS\system32\UjGfIy.syz C:\WINDOWS\system32\UrLOhm.syz C:\WINDOWS\system32\xVYl3a.syz C:\WINDOWS\system32\YvWtgJ.syz . ((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 ))))))))))))))))))))))))))))))) . 2008-01-22 20:21 . 2008-01-22 20:21 d-------- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft 2008-01-21 21:14 . 2008-01-21 21:15 309 --a------ C:\WINDOWS\wcx_ftp.ini 2008-01-20 13:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-20 13:07 . 2008-01-20 13:07 d-------- C:\Program Files\Lavalys 2008-01-19 01:47 . 2008-01-19 01:47 d-------- C:\Program Files\Damian Pasternak 2008-01-15 14:51 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_10021.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1148.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1141.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1148.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1141.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20273.nls 2008-01-15 14:40 . 
2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20106.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20273.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20106.nls 2008-01-15 11:50 . 2008-01-15 11:50 18,448 --a------ C:\WINDOWS\system32can4d 2008-01-15 11:47 . 2008-01-22 20:20 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Canon 2008-01-13 04:20 . 2008-01-15 01:34 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-10 18:46 . 2008-01-10 18:46 d-------- C:\Program Files\PITy 2008-01-10 18:39 . 2008-01-10 18:39 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Ahead 2008-01-10 18:35 . 2008-01-10 18:35 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-01-08 15:28 . 2008-01-08 15:35 d-------- C:\Program Files\ArcaMicroScan 2008-01-07 13:42 . 2008-01-07 13:42 d-------- C:\Program Files\Nero 2008-01-07 13:42 . 2008-01-07 14:04 d-------- C:\Program Files\Common Files\Ahead 2008-01-07 11:25 . 2008-01-19 01:56 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Azureus 2008-01-06 12:07 . 2008-01-20 10:51 d-------- C:\Documents and Settings\Robson\Dane aplikacji\skypePM 2008-01-06 12:07 . 2008-01-06 12:07 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-01-06 12:06 . 2008-01-20 15:06 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Skype 2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Skype 2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Common Files\Skype 2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-01-03 21:27 . 2008-01-03 21:27 d---s---- C:\Documents and Settings\Robson\UserData 2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Teleca 2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Sony Ericsson 2008-01-02 11:01 . 
2008-01-02 11:01 d-------- C:\Program Files\MSXML 4.0 2008-01-01 11:28 . 2008-01-01 11:28 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Media Player Classic 2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Sony Ericsson 2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2008-01-01 11:17 . 2008-01-01 11:17 d-------- C:\WINDOWS\Downloaded Installations 2008-01-01 11:16 . 2008-01-01 11:18 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-01-01 11:16 . 2008-01-01 11:16 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Program Files\Media Player Classic 2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-01-01 11:11 . 2006-09-01 16:14 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-01 11:11 . 2006-09-01 16:14 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2007-12-25 23:24 . 2007-12-25 23:24 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2007-12-25 23:24 . 2007-12-25 23:24 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2007-12-25 23:24 . 2007-12-25 23:24 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2007-12-25 23:13 . 2008-01-01 11:21 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Teleca 2007-12-25 23:10 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys 2007-12-25 23:09 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys 2007-12-25 23:09 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys 2007-12-25 23:09 . 
2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys 2007-12-25 23:09 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys 2007-12-25 23:08 . 2008-01-01 11:19 d----c--- C:\WINDOWS\system32\DRVSTORE 2007-12-25 23:07 . 2008-01-01 11:19 d-------- C:\Program Files\Common Files\Teleca Shared 2007-12-25 23:07 . 2007-12-25 23:07 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Sony Ericsson 2007-12-25 22:51 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2007-12-25 22:48 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys 2007-12-25 22:48 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys 2007-12-25 22:48 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys 2007-12-25 22:48 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys 2007-12-25 22:48 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys 2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys 2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys 2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2007-12-25 22:43 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL 2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-12-25 22:43 . 
2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-12-25 22:43 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL 2007-12-25 22:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Program Files\Common Files\ScanSoft Shared 2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\Robson\Dane aplikacji\ScanSoft 2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard 2007-12-25 22:32 . 2007-12-25 22:32 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir 2007-12-25 22:32 . 2007-12-25 22:32 512 --a------ C:\WINDOWS\MAXLINK.INI 2007-12-25 22:31 . 2004-09-07 01:39 557,056 --a------ C:\WINDOWS\system32\CNCC110.DLL 2007-12-25 22:31 . 2002-05-24 04:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL 2007-12-25 22:31 . 2004-08-27 08:10 94,208 --a------ C:\WINDOWS\system32\CNCL110.DLL 2007-12-25 22:31 . 2004-09-07 01:38 90,112 --a------ C:\WINDOWS\system32\CNCI110.DLL 2007-12-25 22:31 . 2004-09-07 01:51 49,152 --a------ C:\WINDOWS\system32\cncisco.dll 2007-12-25 22:30 . 2007-12-25 22:33 d-------- C:\Program Files\Canon 2007-12-25 20:09 . 2007-12-25 20:09 d-------- C:\WINDOWS\Sun 2007-12-25 20:07 . 2007-12-25 22:37 d-------- C:\Program Files\Java 2007-12-25 20:07 . 2007-12-25 20:07 d-------- C:\Program Files\Common Files\Java 2007-12-23 20:31 . 2007-12-23 20:31 d---s---- C:\Documents and Settings\Mama\UserData 2007-12-23 20:21 . 2007-12-23 20:21 d-------- C:\Documents and Settings\Mama\Dane aplikacji\OpenOffice.ux.pl2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-22 20:09 16,627,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-22 20:08 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Avant Browser 2008-01-22 19:40 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\OpenOffice.ux.pl2 2008-01-22 15:50 197,252 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-21 18:31 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Avant Browser 2008-01-20 13:10 38,535 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_20_13_22_39_small.dmp.zip 2007-12-25 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TomTom 2007-12-18 18:30 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\InstallShield 2007-12-16 21:19 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.2.0 2007-12-16 17:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-12-16 17:06 --------- d-----w C:\Program Files\ZoneAlarmSB 2007-12-15 17:04 --------- d-----w C:\Program Files\VIA Technologies, INC 2007-12-15 17:02 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Gadu-Gadu 2007-12-15 17:00 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Gadu-Gadu 2007-12-15 16:23 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-15 16:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier 2007-12-15 15:41 --------- d-----w C:\Program Files\VIA 2007-12-15 15:40 --------- d-----w C:\Program Files\Alwil Software 2007-12-15 15:17 --------- d--h--w C:\Program Files\Uninstall Information 2007-12-15 15:13 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-15 15:10 --------- d-----w C:\Program Files\Usługi online 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 
14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-20_14.06.36.83 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-20 12:19:53 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-22 20:07:12 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-20 12:19:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-22 20:07:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-20 12:19:53 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-22 20:07:12 1,396,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-20 12:19:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-22 20:07:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-20 12:19:53 4,067,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-22 20:07:12 4,067,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-20 12:19:53 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-22 20:07:12 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-22 19:13:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_480.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2007-12-16 18:06 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 18:06 262144] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="D:\Programy\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:57 1289000] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384] "nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920] "ZoneAlarm Client"="d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "OpwareSE2"="D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "DAEMON Tools"="d:\Programy\DAEMON 
Tools\daemon.exe" [2006-11-12 11:48 157592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] R3 AN983;Karta ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-25 23:24] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-22 21:10:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-22 21:11:35 ComboFix-quarantined-files.txt 2008-01-22 20:11:31 ComboFix2.txt 2008-01-20 13:07:07 . 2008-01-09 06:37:49 --- E O F ---
inforobert
Posted
22.01.2008 22:13:15
ComboFix removed that "cssrss.exe". But the log contains a lot of strange files with the unknown extension [b]*.syz[/b], and they all have the same size. That is very suspicious.

Paste this into [b]Notepad[/b]:

[CODE]
File::
C:\WINDOWS\system32\pc17dh.syz
C:\WINDOWS\system32\nAtAJ9.syz
C:\WINDOWS\system32\6HZNPy.syz
C:\WINDOWS\system32\nMm8fS.syz
C:\WINDOWS\system32\xVYl3a.syz
C:\WINDOWS\system32\tw2g2f.syz
C:\WINDOWS\system32\hCAYdW.syz
C:\WINDOWS\system32\hPuILO.syz
C:\WINDOWS\system32\sII8tn.syz
C:\WINDOWS\system32\gWPrvK.syz
C:\WINDOWS\system32\FN47Ko.syz
C:\WINDOWS\system32\UjGfIy.syz
C:\WINDOWS\system32\auxqbJ.syz
C:\WINDOWS\system32\JpfGJi.syz
C:\WINDOWS\system32\UrLOhm.syz
C:\WINDOWS\system32\1GfIUz.syz
C:\WINDOWS\system32\rq8US5.syz
C:\WINDOWS\system32\ozHJfv.syz
C:\WINDOWS\system32\4Vr0GH.syz
C:\WINDOWS\system32\YvWtgJ.syz
C:\WINDOWS\system32\FsbAZ8.syz
C:\WINDOWS\system32\Pt7G0c.syz
C:\WINDOWS\system32\jnVDWn.syz
C:\WINDOWS\system32\DBlbFy.syz
C:\WINDOWS\system32\8UWq9d.syz
C:\WINDOWS\system32\t4g5U9.syz
C:\WINDOWS\system32\FjhdeK.syz
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
[/code]

[b]>>File>>Save as... >>> [color=red]CFScript[/color][/b]

Drag and drop the file [color=red][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b], as in this picture [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]

The removal should start (and a log will be created). [b]After the restart[/b], manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].

Post the log that is created during the removal.
morda
Posted
20.01.2008 21:19:42
ComboFix 08-01-20.1 - Robson 2008-01-20 13:49:26.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.617 [GMT 1:00] Running from: D:\BAZA\Spy\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\cssrss.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\nm ((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))) . 2008-01-20 13:47 . 2008-01-20 13:47 4,992 --a------ C:\WINDOWS\system32\pc17dh.syz 2008-01-20 13:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-20 13:07 . 2008-01-20 13:07 d-------- C:\Program Files\Lavalys 2008-01-20 13:05 . 2008-01-20 13:05 4,992 --a------ C:\WINDOWS\system32\nAtAJ9.syz 2008-01-20 12:18 . 2008-01-20 12:18 4,992 --a------ C:\WINDOWS\system32\6HZNPy.syz 2008-01-20 11:30 . 2008-01-20 11:30 4,992 --a------ C:\WINDOWS\system32\nMm8fS.syz 2008-01-20 10:50 . 2008-01-20 10:50 4,992 --a------ C:\WINDOWS\system32\xVYl3a.syz 2008-01-19 14:48 . 2008-01-19 14:48 4,992 --a------ C:\WINDOWS\system32\tw2g2f.syz 2008-01-19 14:02 . 2008-01-19 14:02 4,992 --a------ C:\WINDOWS\system32\hCAYdW.syz 2008-01-19 11:18 . 2008-01-19 11:18 4,992 --a------ C:\WINDOWS\system32\hPuILO.syz 2008-01-19 10:28 . 2008-01-19 10:28 4,992 --a------ C:\WINDOWS\system32\sII8tn.syz 2008-01-19 09:51 . 2008-01-19 09:51 4,992 --a------ C:\WINDOWS\system32\gWPrvK.syz 2008-01-19 01:47 . 2008-01-19 01:47 d-------- C:\Program Files\Damian Pasternak 2008-01-19 00:24 . 2008-01-19 00:24 4,992 --a------ C:\WINDOWS\system32\FN47Ko.syz 2008-01-18 18:56 . 2008-01-18 18:56 4,992 --a------ C:\WINDOWS\system32\UjGfIy.syz 2008-01-18 17:27 . 2008-01-18 17:27 4,992 --a------ C:\WINDOWS\system32\auxqbJ.syz 2008-01-18 16:41 . 
2008-01-18 16:41 4,992 --a------ C:\WINDOWS\system32\JpfGJi.syz 2008-01-18 12:35 . 2008-01-18 12:35 4,992 --a------ C:\WINDOWS\system32\UrLOhm.syz 2008-01-17 23:16 . 2008-01-17 23:16 4,992 --a------ C:\WINDOWS\system32\1GfIUz.syz 2008-01-17 21:18 . 2008-01-17 21:18 4,992 --a------ C:\WINDOWS\system32\rq8US5.syz 2008-01-17 19:27 . 2008-01-17 19:27 4,992 --a------ C:\WINDOWS\system32\ozHJfv.syz 2008-01-17 16:20 . 2008-01-17 16:20 4,992 --a------ C:\WINDOWS\system32\4Vr0GH.syz 2008-01-17 12:55 . 2008-01-17 12:55 4,992 --a------ C:\WINDOWS\system32\YvWtgJ.syz 2008-01-17 12:01 . 2008-01-17 12:01 4,992 --a------ C:\WINDOWS\system32\FsbAZ8.syz 2008-01-17 01:14 . 2008-01-17 01:14 4,992 --a------ C:\WINDOWS\system32\Pt7G0c.syz 2008-01-16 23:36 . 2008-01-16 23:36 4,992 --a------ C:\WINDOWS\system32\jnVDWn.syz 2008-01-16 23:32 . 2008-01-16 23:32 4,992 --a------ C:\WINDOWS\system32\DBlbFy.syz 2008-01-16 21:50 . 2008-01-16 21:50 4,992 --a------ C:\WINDOWS\system32\8UWq9d.syz 2008-01-16 14:05 . 2008-01-16 14:05 4,992 --a------ C:\WINDOWS\system32\t4g5U9.syz 2008-01-15 18:06 . 2008-01-15 18:06 4,992 --a------ C:\WINDOWS\system32\FjhdeK.syz 2008-01-15 14:51 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_10021.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1148.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1141.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1148.nls 2008-01-15 14:46 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_1141.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20273.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20106.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20273.nls 2008-01-15 14:40 . 2001-07-21 23:20 66,082 --a------ C:\WINDOWS\system32\c_20106.nls 2008-01-15 11:50 . 
2008-01-15 11:50 18,448 --a------ C:\WINDOWS\system32can4d 2008-01-15 11:47 . 2008-01-15 11:55 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Canon 2008-01-13 04:20 . 2008-01-15 01:34 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-10 18:46 . 2008-01-10 18:46 d-------- C:\Program Files\PITy 2008-01-10 18:39 . 2008-01-10 18:39 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Ahead 2008-01-10 18:35 . 2008-01-10 18:35 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-01-08 15:28 . 2008-01-08 15:35 d-------- C:\Program Files\ArcaMicroScan 2008-01-07 13:42 . 2008-01-07 13:42 d-------- C:\Program Files\Nero 2008-01-07 13:42 . 2008-01-07 14:04 d-------- C:\Program Files\Common Files\Ahead 2008-01-07 11:25 . 2008-01-19 01:56 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Azureus 2008-01-06 12:07 . 2008-01-20 10:51 d-------- C:\Documents and Settings\Robson\Dane aplikacji\skypePM 2008-01-06 12:07 . 2008-01-06 12:07 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-01-06 12:06 . 2008-01-20 11:00 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Skype 2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Skype 2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Program Files\Common Files\Skype 2008-01-06 12:05 . 2008-01-06 12:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-01-03 21:27 . 2008-01-03 21:27 d---s---- C:\Documents and Settings\Robson\UserData 2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Teleca 2008-01-02 19:28 . 2008-01-02 19:28 d-------- C:\Documents and Settings\Mama\Dane aplikacji\Sony Ericsson 2008-01-02 11:01 . 2008-01-02 11:01 d-------- C:\Program Files\MSXML 4.0 2008-01-01 11:28 . 2008-01-01 11:28 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Media Player Classic 2008-01-01 11:18 . 2008-01-01 11:18 d-------- C:\Program Files\Sony Ericsson 2008-01-01 11:18 . 
2008-01-01 11:18 d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2008-01-01 11:17 . 2008-01-01 11:17 d-------- C:\WINDOWS\Downloaded Installations 2008-01-01 11:16 . 2008-01-01 11:18 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-01-01 11:16 . 2008-01-01 11:16 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Program Files\Media Player Classic 2008-01-01 11:11 . 2008-01-01 11:11 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-01-01 11:11 . 2006-09-01 16:14 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-01 11:11 . 2006-09-01 16:14 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-12-25 23:29 . 2007-12-25 23:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2007-12-25 23:24 . 2007-12-25 23:24 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2007-12-25 23:24 . 2007-12-25 23:24 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2007-12-25 23:24 . 2007-12-25 23:24 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2007-12-25 23:13 . 2008-01-01 11:21 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Teleca 2007-12-25 23:10 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys 2007-12-25 23:09 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys 2007-12-25 23:09 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys 2007-12-25 23:09 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys 2007-12-25 23:09 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys 2007-12-25 23:09 . 
2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys 2007-12-25 23:09 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys 2007-12-25 23:08 . 2008-01-01 11:19 d----c--- C:\WINDOWS\system32\DRVSTORE 2007-12-25 23:07 . 2008-01-01 11:19 d-------- C:\Program Files\Common Files\Teleca Shared 2007-12-25 23:07 . 2007-12-25 23:07 d-------- C:\Documents and Settings\Robson\Dane aplikacji\Sony Ericsson 2007-12-25 22:51 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2007-12-25 22:48 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys 2007-12-25 22:48 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys 2007-12-25 22:48 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys 2007-12-25 22:48 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys 2007-12-25 22:48 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys 2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys 2007-12-25 22:48 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys 2007-12-25 22:48 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2007-12-25 22:43 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL 2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-12-25 22:43 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-20 12:52 180,092 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-20 12:52 15,169,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-20 12:50 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Avant Browser 2008-01-20 12:22 2,761,216 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-01-20 12:22 1,561,600 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-01-20 11:04 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Avant Browser 2008-01-19 17:52 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\OpenOffice.ux.pl2 2007-12-25 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TomTom 2007-12-18 18:30 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\InstallShield 2007-12-16 21:19 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.2.0 2007-12-16 17:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-12-16 17:06 --------- d-----w C:\Program Files\ZoneAlarmSB 2007-12-15 17:04 --------- d-----w C:\Program Files\VIA Technologies, INC 2007-12-15 17:02 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\Gadu-Gadu 2007-12-15 17:00 --------- d-----w C:\Documents and Settings\Robson\Dane aplikacji\Gadu-Gadu 2007-12-15 16:23 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-15 16:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier 2007-12-15 15:41 --------- d-----w C:\Program Files\VIA 2007-12-15 15:40 --------- d-----w C:\Program Files\Alwil Software 2007-12-15 15:17 --------- d--h--w C:\Program Files\Uninstall Information 2007-12-15 15:13 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-15 15:10 --------- d-----w C:\Program Files\Usługi online 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w 
C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2007-12-16 18:06 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 18:06 262144] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="D:\Programy\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:57 1289000] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 
4112384] "nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920] "ZoneAlarm Client"="d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "OpwareSE2"="D:\Programy\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "DAEMON Tools"="d:\Programy\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] R3 AN983;Karta ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-25 23:24] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54] . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-20 14:05:49 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-20 14:07:06 - machine was rebooted [Robson] ComboFix-quarantined-files.txt 2008-01-20 13:07:01 . 2008-01-09 06:37:49 --- E O F ---
It works :)
inforobert
Posted
20.01.2008 15:09:24
Damn, I can't see it in the logs, or I'm blind, and it is a nasty one. Please also post the ComboFix log. I'm moving the thread to the Security section.
Żółty
Posted
19.01.2008 16:35:04
inforobert
Posted:
19.01.2008 15:20:37
Comments:
5