I keep getting the message that the file is infected or being updated

Please check the log from Combo. I keep getting the message that a file is infected or has been updated. Every time, I send the indicated file to Kaspersky Lab and get the reply that the files are clean. And I am 101% sure that they have not been updated. Is something wrong here?

[quote]ComboFix 07-11-01.1 - Ja 2007-11-07 16:20:28.8 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1045.18.784 [GMT 1:00] Running from: D:\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 ))))))))))))))))))))))))))))))) . 2007-11-05 13:49 d-------- C:\Documents and Settings\Ja\Dane aplikacji\PSpad 2007-11-05 10:49 d-------- C:\Documents and Settings\Ja\Dane aplikacji\IDMComp 2007-11-05 10:46 d-------- C:\Program Files\IDM Computer Solutions 2007-11-05 10:04 d--hs---- C:\WINDOWS\ftpcache 2007-11-05 09:59 d-------- C:\Program Files\Binboy 2007-11-01 22:16 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth 2007-10-31 10:22 d--h----- C:\WINDOWS\msdownld.tmp 2007-10-30 06:32 60,928 --a--c--- C:\WINDOWS\system32\dllcache\msimn.exe 2007-10-30 06:30 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll 2007-10-30 06:30 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll 2007-10-30 06:30 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys 2007-10-30 06:30 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys 2007-10-30 06:14 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys 2007-10-30 06:14 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys 2007-10-29 15:52 d-------- C:\MSXML3msms 2007-10-27 19:14 d-------- C:\Documents and Settings\75D1~1\Dane aplikacji\ICQ 2007-10-25 14:34 d-------- C:\Documents and Settings\Ja\Saved Games 2007-10-25 14:34 d-------- C:\Documents and Settings\Ja\Dane aplikacji\FloodLightGames 2007-10-25 07:52 3,110 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-25 07:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-25 07:50 288,417 --a------ 
C:\WINDOWS\system32\SrchSTS.exe 2007-10-25 07:50 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-25 07:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-25 07:50 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-24 12:39 d-------- C:\Documents and Settings\Ja\Dane aplikacji\ICQ 2007-10-24 12:38 d-------- C:\Program Files\ICQ6 2007-10-24 12:37 d-------- C:\Documents and Settings\Ja\Dane aplikacji\InstallShield 2007-10-22 18:56 d-------- C:\Documents and Settings\75D1~1\Dane aplikacji\ICQ Toolbar 2007-10-22 18:08 d-------- C:\Documents and Settings\Ja\Dane aplikacji\ICQ Toolbar 2007-10-22 17:53 d-------- C:\Documents and Settings\Ja\Dane aplikacji\ICQLite 2007-10-21 21:29 d-------- C:\Documents and Settings\Ja\Dane aplikacji\PRMT 2007-10-19 15:45 d-------- C:\WINDOWS\NV37602772.TMP 2007-10-19 15:39 dr------- C:\WINDOWS\AsDmiHtm 2007-10-19 15:35 2,973,696 --------- C:\WINDOWS\NuNinst.exe 2007-10-19 15:35 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys 2007-10-19 15:35 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys 2007-10-19 15:35 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys 2007-10-19 15:34 d-------- C:\WINDOWS\InCD 2007-10-19 15:34 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys 2007-10-16 20:54 21,495,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-10-16 20:54 473,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-10-16 20:54 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-10-16 20:54 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-10-16 18:47 d-------- C:\WINDOWS\Album 2007-10-16 18:47 d-------- C:\Program Files\VideoCAM GE111 2007-10-16 18:47 d-------- C:\Program Files\Common Files\PCCamera 2007-10-16 18:21 d-------- C:\Program Files\Hotkey 2007-10-16 17:33 d-------- C:\Program Files\IVT Corporation 2007-10-13 19:37 d-------- C:\Program Files\Google Video 2007-10-10 16:05 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Prevx 2007-10-08 17:19 
d-------- C:\Documents and Settings\Ja\Dane aplikacji\Cream Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-07 15:18 46,472 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-07 15:18 291,044 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-07 14:31 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\OpenOffice.org2 2007-11-07 13:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2007-11-06 20:27 --------- d-----w C:\Documents and Settings\75D1~1\Dane aplikacji\Skype 2007-11-06 17:13 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Skype 2007-11-05 12:07 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-05 07:13 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-04 18:51 230,432 ----a-w C:\StiImg.dat 2007-11-01 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-28 14:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2007-10-25 13:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-10-25 06:00 --------- d-----w C:\Program Files\Opera 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-21 20:14 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Uniblue 2007-10-20 12:38 --------- d-----w C:\Program Files\MultiKeyboard Driver 2007-10-19 14:34 --------- d-----w C:\Program Files\CyberLink DVD Solution 2007-10-17 13:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-10-16 20:09 --------- d-----w C:\Program Files\Kaspersky Lab 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-10 14:40 --------- d-----w C:\Program Files\Google 2007-10-07 06:49 --------- d-----w C:\Program Files\Microsoft Silverlight 2007-10-05 20:22 --------- d-----w C:\Program 
Files\PRMT8 2007-10-05 13:13 --------- d-----w C:\Documents and Settings\75D1~1\Dane aplikacji\Nero 2007-10-05 13:01 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Nero 2007-10-05 13:00 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-05 12:58 --------- d-----w C:\Program Files\Nero 2007-10-05 12:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2007-10-05 12:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-05 12:47 --------- d-----w C:\Program Files\Ahead 2007-10-04 17:09 --------- d-----w C:\Documents and Settings\75D1~1\Dane aplikacji\PRMT 2007-10-04 11:04 --------- d-----w C:\Program Files\MSXML 4.0 2007-10-03 20:40 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\PROject MT 2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll 2007-09-29 20:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PRMT 2007-09-28 12:46 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-09-27 08:30 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\ChemTable Software 2007-09-26 21:34 269,824 ----a-w C:\WINDOWS\system32\baksm.dll 2007-09-24 07:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 07:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 07:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-09-20 07:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 07:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-17 13:41 --------- d-----w C:\Documents and Settings\75D1~1\Dane aplikacji\CyberLink 2007-09-15 08:34 --------- d-----w C:\Program Files\Java 2007-09-13 13:35 --------- d-----w C:\Program Files\MSN Messenger 2007-09-11 18:02 --------- d-----w C:\Program Files\Skype 2007-09-11 18:02 --------- d-----w C:\Program Files\Common Files\Skype 2007-09-10 06:52 --------- d-----w C:\Program Files\Trend Micro 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-13 17:54 413,696 ----a-w 
C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2007-06-20 19:00 702,644 ----a-w C:\Program Files\JUN2007_d3dx10_34_x64.cab 2007-06-20 19:00 702,072 ----a-w C:\Program Files\JUN2007_d3dx10_34_x86.cab 2007-06-20 19:00 45,302 ----a-w C:\Program Files\dxdllreg_x86.cab 2007-06-20 19:00 200,722 ----a-w C:\Program Files\JUN2007_XACT_x64.cab 2007-06-20 19:00 156,509 ----a-w C:\Program Files\JUN2007_XACT_x86.cab 2007-06-20 19:00 1,611,374 ----a-w C:\Program Files\JUN2007_d3dx9_34_x64.cab 2007-06-20 19:00 1,610,886 ----a-w C:\Program Files\JUN2007_d3dx9_34_x86.cab 2007-06-20 18:40 976,020 ------w C:\Program Files\BDAXP.cab 2007-06-20 18:40 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab 2007-06-20 18:40 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab 2007-06-20 18:40 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab 2007-06-20 18:40 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab 2007-06-20 18:40 86,400 ----a-w C:\Program Files\dxupdate.cab 2007-06-20 18:40 77,160 ----a-w C:\Program Files\DSETUP.dll 2007-06-20 18:40 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab 2007-06-20 18:40 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab 2007-06-20 18:40 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab 2007-06-20 18:40 503,144 ----a-w C:\Program Files\DXSETUP.exe 2007-06-20 18:40 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab 2007-06-20 18:40 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab 2007-06-20 18:40 46,247 ------w 
C:\Program Files\Oct2005_xinput_x86.cab 2007-06-20 18:40 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab 2007-06-20 18:40 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab 2007-06-20 18:40 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab 2007-06-20 18:40 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab 2007-06-20 18:40 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab 2007-06-20 18:40 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab 2007-06-20 18:40 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab 2007-06-20 18:40 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab 2007-06-20 18:40 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab 2007-06-20 18:40 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab 2007-06-20 18:40 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab 2007-06-20 18:40 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab 2007-06-20 18:40 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab 2007-06-20 18:40 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab 2007-06-20 18:40 138,977 ------w C:\Program Files\OCT2006_XACT_x86.cab 2007-06-20 18:40 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab 2007-06-20 18:40 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab 2007-06-20 18:40 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab 2007-06-20 18:40 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab . ((((((((((((((((((((((((((((( snapshot@2007-11-02_ 8.52.43,01 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2007-11-05 22:18:37 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Code.glvw8oj2.dll + 2007-11-05 22:18:36 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_GlobalResources.gnow9hw-.dll + 2007-11-05 22:18:39 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.root.gmi7vpil.dll + 2007-11-05 22:19:00 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.security.cdcab7d2.c2q6juqa.dll + 2007-11-05 22:18:41 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_0sjw0gfm.dll + 2007-11-05 22:18:40 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_8np9x6ec.dll + 2007-11-05 22:19:01 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_fsm6gc6h.dll + 2007-11-05 22:19:00 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_jtvf7zg8.dll + 2007-11-05 22:18:44 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_lgnbxx6m.dll + 2007-11-05 22:18:44 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_nidmzbub.dll + 2007-11-05 22:18:43 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_oncxhlft.dll + 2007-11-05 22:18:42 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET 
Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_s2gpwj2k.dll + 2007-11-05 22:18:42 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_w9vaqrmw.dll + 2007-11-05 22:18:35 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\pl\App_GlobalResources.gnow9hw-.resources.dll + 2007-11-05 22:18:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\pl\App_LocalResources.root.gmi7vpil.resources.dll + 2007-11-05 22:18:59 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\pl\App_LocalResources.security.cdcab7d2.c2q6juqa.resources.dll + 2007-11-07 11:09:06 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web__lrbthdm.dll + 2007-11-07 11:04:44 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_8qe8u05n.dll + 2007-11-07 11:10:41 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_e2p7d9bu.dll + 2007-11-07 11:15:20 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_i4mtyir1.dll + 2007-11-07 10:55:39 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_j8fzlb59.dll + 2007-11-07 11:14:13 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_jzzdrmu8.dll + 2007-11-07 10:58:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_o2-p9ju0.dll + 2007-11-07 10:35:43 36,864 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\5d28e62f\2602964a\App_Web_olxxh7nn.dll + 2007-11-07 10:58:28 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_25wvki9x.dll + 2007-11-07 10:55:45 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_ae-clqip.dll + 2007-11-07 11:15:26 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_f7h17pj_.dll + 2007-11-07 11:14:19 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_km-795kl.dll + 2007-11-07 11:09:12 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_us63pctl.dll + 2007-11-07 11:10:47 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_vh2tsarw.dll + 2007-11-07 11:04:50 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\f5c58eb9\b60f641f\App_Web_yestins-.dll + 2007-11-05 22:32:02 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website2\4557357a\c34828ca\App_Web_f2omx3d5.dll + 2007-11-05 22:32:09 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website2\a1330248\91f26399\App_Web_tv96vjpr.dll - 2007-10-30 16:40:39 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-11-02 14:19:29 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-10-30 16:40:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2007-11-02 14:19:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2007-10-30 16:40:39 32,768 ----a-w 
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2007-11-02 14:19:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2007-10-31 11:30:54 6,232 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat + 2007-11-04 22:25:38 40,564 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 C:\WINDOWS\system32\HdAShCut.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22] "nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe] "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15] "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51] "Hotkey"="C:\Program Files\Hotkey\Hotkey.exe" [2004-04-03 17:38] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 03:06] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 C:\WINDOWS\system32\nvmctray.dll] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 21:37] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe S2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys S3 BTNetFilter;Bluetooth Network Filter;\????????\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys S3 SetupNTGLM7X;SetupNTGLM7X;\???????\E:\NTGLM7X.sys . Contents of the 'Scheduled Tasks' folder "2007-10-21 20:12:58 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-07 16:22:10 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-07 16:22:35 . --- E O F ---[/quote]

Thanks.

Replies: 4

Thanks, Żółty. Here are the requested logs.

[quote]SmitFraudFix v2.212 Scan done at 12:05:39,07, 2007-11-20 Run from D:\Wir Mir\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hotkey\Hotkey.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C: »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ja »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ja\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ja\Ulubione 
»»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Moja biezaca strona glowna" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Sterownik miniport Harmonogramu pakietow DNS Server Search Order: 62.179.1.63 DNS Server Search Order: 62.179.1.61 HKLM\SYSTEM\CCS\Services\Tcpip\..\{455D13D1-FF75-4757-B605-BB30E9D0359D}: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CS1\Services\Tcpip\..\{455D13D1-FF75-4757-B605-BB30E9D0359D}: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CS2\Services\Tcpip\..\{455D13D1-FF75-4757-B605-BB30E9D0359D}: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CS3\Services\Tcpip\..\{455D13D1-FF75-4757-B605-BB30E9D0359D}: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.63 62.179.1.61 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.63 62.179.1.61 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End [/quote] 
[quote]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:07:46, on 2007-11-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hotkey\Hotkey.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\PRMT8\PrmtSvr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virtualcentury.home.services.spaces.live.com/default.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: PROMT - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files\PRMT8\PRMTIE\prmtie.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Hotkey\Hotkey.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe 
NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Online-??????? - C:\Program Files\PRMT8\PRMTIE\oda.htm O8 - Extra context menu item: ????????????? ?????????? ?????? ???????? - C:\Program Files\PRMT8\PRMTIE\aot.htm O8 - Extra context menu item: ???????? ? ????-?????? - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: ????????? ????????? ???????? - C:\Program Files\PRMT8\PRMTIE\options.htm O8 - Extra context menu item: ?????????? ????? - C:\Program Files\PRMT8\PRMTIE\infopanel.htm O8 - Extra context menu item: ??????? ????????? ?????? - C:\Program Files\PRMT8\PRMTIE\addentry.htm O8 - Extra context menu item: ????? ? ????????? 
- C:\Program Files\PRMT8\PRMTIE\search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Cnrncnncer Ala-Rincacdonr - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm O9 - Extra 'Tools' menuitem: Irnndicnu drdrelndu dldlaiar - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm O9 - Extra button: (no name) - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm O9 - Extra 'Tools' menuitem: Dldlalnnc - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183193509406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184007138187 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://virtualcentury.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 9266 bytes [/quote] [quote]"Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ 
{++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"] "SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."] "SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "SW20" = "C:\WINDOWS\system32\sw20.exe" [empty string] "SW24" = "C:\WINDOWS\system32\sw24.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "NeroFilterCheck" = "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" ["Nero AG"] "NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"] "Hotkey" = "C:\Program Files\Hotkey\Hotkey.exe" [empty string] "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"] "LGODDFU" = ""C:\Program Files\lg_fwupdate\fwupdate.exe" blrun" ["BL"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] HKLM\Software\Microsoft\Active Setup\Installed Components>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer" \StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS] >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> 
{HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" 
["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostepniania" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun 
Microsystems, Inc."] "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW" -> {HKLM...CLSID} = "Shell Extension for CDRW" \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "C********* ***-**********" (unwritable string) -> {HKLM...CLSID} = "C********* ***-**********" (unwritable string) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify<> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlersCover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = 
"NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"] PromtMenu\(Default) = "{E28C61E1-67D8-4005-9BF4-E232B2EB9012}" -> {HKLM...CLSID} = "Promt6ShellContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\PRMT8\PRMT\prmshell.dll" ["PROMT Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlersWinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlersKaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Enabled Scheduled Tasks: ------------------------ "Uniblue SpyEraser" -> launches: "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe -s" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> 
{HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar"{892E81F6-EC63-4D13-8422-835A7A05D6EB}" = (no title provided) -> {HKLM...CLSID} = "PROMT" \InProcServer32\(Default) = "C:\Program Files\PRMT8\PRMTIE\prmtie.dll" ["PROMT Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars{0B36D47C-7613-4B8D-89DA-809F66DE9B31}\(Default) = (no title provided) -> {HKLM...CLSID} = "******* ******" (unwritable string) \InProcServer32\(Default) = "C:\Program Files\PRMT8\PRMTIE\prmtie.dll" ["PROMT Ltd."] {CE1B52DB-F55E-4135-B22B-6529EF90EA52}\(Default) = (no title provided) -> {HKLM...CLSID} = "Online-*******" (unwritable string) \InProcServer32\(Default) = "C:\Program Files\PRMT8\PRMTIE\prmtie.dll" ["PROMT Ltd."] {EB8F177F-EAD2-44F8-BB4E-0E967F90BE21}\(Default) = (no title provided) -> {HKLM...CLSID} = "********** *****" (unwritable string) \InProcServer32\(Default) = "C:\Program Files\PRMT8\PRMTIE\prmtie.dll" ["PROMT Ltd."] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "C********* ***-**********" (unwritable string) Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, 
Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}"ButtonText" = "C????????? ???-??????????" {4034D172-4C52-49DE-A6A1-E75F8F591FEC}"MenuText" = "????????? ????????? ????????" "Script" = "C:\Program Files\PRMT8\PRMTIE\options.htm" [null data] {A2DA13D5-AC77-43B7-963B-40445EBCB8E0}"MenuText" = "?????????" "Script" = "C:\Program Files\PRMT8\PRMTIE\prmtie5.htm" [null data] {E2E2DD38-D088-4134-82B7-F2BA38496583}"MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {E59EB121-F339-4851-A3BA-FE49C35617C2}"ButtonText" = "ICQ6" "MenuText" = "ICQ6" "Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}"ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."] InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"] Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"] Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, ""C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS" [MS] SQL Server VSS Writer, SQLWriter, ""C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"" [MS] STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data] ---------- (launch time: 
2007-11-20 12:09:35) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 34 seconds, including 2 seconds for message boxes) [/quote]

[b]P.S. I don't really understand what this is in SmitFraudFix[/b]

[quote] Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" [u]"[color=brown]FriendlyName"="Moja biezaca strona glowna[/color]"[/u][/quote]

[b]EDIT[/b] Does this tell you anything?

???????: ???????????? ??????? ?? not-a-virus:RiskTool.Win32.Reboot.f ????: D:\System Volume Information\_restore{620F6F8E-B100-4323-AF78-6E945CF64268}\RP10\A0017660.exe
???????: ???????????? ??????? ?? not-a-virus:RiskTool.Win32.Reboot.f ????: D:\System Volume Information\_restore{620F6F8E-B100-4323-AF78-6E945CF64268}\RP10\A0017661.exe
???????: ???????????? ??????? ?? not-a-virus:RiskTool.Win32.Reboot.f ????: D:\System Volume Information\_restore{620F6F8E-B100-4323-AF78-6E945CF64268}\RP10\A0017662.exe
Sfinks
Added
20.11.2007 13:12:11
Show the Hijack, SilentRunners and SmitfraudFix logs
Żółty
Added
20.11.2007 12:21:14
ICQ.exe, VWDEXPRESS.EXE, and there were some 3 others that I don't really know and whose exact names I've forgotten.
Sfinks
Added
20.11.2007 12:03:45
Which file??
Żółty
Added
20.11.2007 10:45:15
Sfinks
Added:
20.11.2007 10:35:40
Comments:
4