
Logs - Suspected virus


  • Closed: this topic is closed
7 replies in this topic

#1 jezior

    Observer

  • 6 posts

Posted 17 05 2010 - 20:39

suspected virus

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:39, on 2010-05-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HIJACK\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1708250
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\arek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{97440697-6A07-4B75-B489-6EF2BC911181}: NameServer = 193.238.171.10,193.238.171.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7577 bytes


User Katarina edited this post 17 05 2010 - 20:51
Did you spill glue on your Caps Lock? //no codebox -ktrn


#2 ordynat

    Advanced user

  • 804 posts

Posted 17 05 2010 - 23:18

suspected virus

Be specific: what does NOD detect, and where (path)?

Besides, a HijackThis log was good a few years ago; now it is only fit for showing your grandchildren how things used to be.
The basic log nowadays is the one from >/OTL-t35212/.


#3 jezior

    Observer

  • 6 posts

Posted 19 05 2010 - 22:27

OTL logfile created on: 2010-05-19 22:19:10 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\arek\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 10,69 Gb Free Space | 54,71% Space Free | Partition Type: NTFS
Drive D: | 63,47 Gb Total Space | 42,68 Gb Free Space | 67,24% Space Free | Partition Type: NTFS
Drive E: | 66,04 Gb Total Space | 55,35 Gb Free Space | 83,82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AREK-12260384B8
Current User Name: arek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-19 22:18:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-05-19 21:30:37 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2010-05-19 21:30:37 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2010-05-18 19:58:38 | 000,182,272 | ---- | M] () -- C:\WINDOWS\Sviwub.exe
PRC - [2010-05-18 19:52:02 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Temp\Sdx.exe
PRC - [2010-04-04 20:57:49 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010-05-19 22:18:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006-05-03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-05-19 21:30:37 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2010-05-18 19:51:55 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010-04-04 20:57:49 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001-10-26 19:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset)


========== Driver Services (SafeList) ==========

DRV - [2010-05-19 21:30:37 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2010-05-19 21:30:37 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2010-04-08 07:12:47 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010-02-20 11:48:11 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-08-07 11:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-13 17:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (Jraid)
DRV - [2007-04-04 13:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007-04-04 13:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007-04-04 13:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007-04-04 13:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007-04-04 13:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007-04-04 13:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007-04-04 13:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-12-22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005-12-22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005-12-22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1708250
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010-04-04 20:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-18 20:04:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-01 20:04:19 | 000,000,000 | ---D | M]

[2010-02-20 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Extensions
[2010-05-19 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions
[2010-04-18 12:17:52 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010-02-20 14:01:42 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010-04-18 12:18:06 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010-03-16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\searchplugins\conduit.xml
[2010-05-19 20:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-20 13:42:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-05-01 20:04:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-02-20 18:41:07 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010-03-24 19:36:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2007-07-26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010-03-24 19:36:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-24 19:36:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-24 19:36:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-24 19:36:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-24 19:36:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\arek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AT-Watch]  File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\arek\Ustawienia lokalne\Temp\Sdx.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKCU\..Trusted Domains: windowsecurity.com ([www] https in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010-02-20 11:36:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-05-19 21:31:02 | 000,512,096 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010-05-19 21:31:02 | 000,298,104 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010-05-19 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Anti Trojan Elite
[2010-05-19 20:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2010-05-19 20:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Moje dokumenty\a-squared
[2010-05-19 20:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\AnitiMalware
[2010-05-18 21:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-17 20:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\HIJACK
[2010-05-16 21:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Pulpit
[2010-05-16 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\CDex150beta7
[2010-05-09 19:35:33 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-05-09 19:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\SH2
[2010-05-09 19:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-05-01 20:04:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-05-01 20:04:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-05-01 20:04:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-05-01 20:04:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-05-01 15:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage

========== Files - Modified Within 30 Days ==========

[2010-05-19 22:19:04 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-05-19 22:05:31 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010-05-19 21:32:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-19 21:32:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-19 21:31:22 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\arek\NTUSER.DAT
[2010-05-19 21:31:22 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\arek\ntuser.ini
[2010-05-19 21:30:38 | 000,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010-05-19 21:30:37 | 000,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010-05-19 21:30:37 | 000,015,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010-05-19 21:22:17 | 001,114,126 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-19 21:22:17 | 000,500,302 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-19 21:22:17 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-19 21:22:17 | 000,088,838 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-19 21:22:17 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-19 21:12:16 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\Anti Trojan Elite.lnk
[2010-05-19 15:28:59 | 003,686,454 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\aaa.bmp
[2010-05-18 22:21:04 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\How to check-set your IE settings.url
[2010-05-18 21:05:08 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-05-18 20:11:08 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2010-05-18 19:58:38 | 000,182,272 | ---- | M] () -- C:\WINDOWS\Sviwub.exe
[2010-05-18 19:51:58 | 000,182,272 | ---- | M] () -- C:\WINDOWS\Sviwua.exe
[2010-05-18 19:51:55 | 000,218,112 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010-05-17 21:25:41 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\HiJackThis.lnk
[2010-05-16 21:31:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-16 21:04:03 | 000,005,930 | ---- | M] () -- C:\WINDOWS\CDex.INI
[2010-05-16 19:47:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\SCDA_PL.tga
[2010-05-16 18:28:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2010-05-16 16:07:43 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-10 19:29:36 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-05-09 19:35:33 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-05-09 15:52:15 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DDS Converter 2.lnk
[2010-05-06 09:23:44 | 000,265,613 | ---- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\Zdjęcie003.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\Folder.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Large.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArtSmall.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Small.jpg
[2010-05-01 15:43:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-21 20:37:19 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\MoorHunt.lnk

========== Files Created - No Company Name ==========

[2010-05-19 21:31:02 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010-05-19 21:12:16 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\Anti Trojan Elite.lnk
[2010-05-19 15:28:59 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\aaa.bmp
[2010-05-18 22:21:04 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\How to check-set your IE settings.url
[2010-05-18 20:12:06 | 000,182,272 | ---- | C] () -- C:\WINDOWS\Sviwub.exe
[2010-05-18 20:11:08 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2010-05-18 19:52:04 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010-05-18 19:52:02 | 000,182,272 | ---- | C] () -- C:\WINDOWS\Sviwua.exe
[2010-05-18 19:52:00 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-05-18 19:51:55 | 000,218,112 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll
[2010-05-17 20:03:07 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\HiJackThis.lnk
[2010-05-16 20:57:14 | 000,005,930 | ---- | C] () -- C:\WINDOWS\CDex.INI
[2010-05-16 19:47:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\SCDA_PL.tga
[2010-05-06 09:23:07 | 000,265,613 | ---- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\Zdjęcie003.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\Folder.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Large.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArtSmall.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Small.jpg
[2010-04-08 07:12:47 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010-04-04 20:57:49 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010-03-14 19:37:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-02-21 17:05:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-02-20 19:56:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-20 14:28:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-02-20 14:28:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-20 14:28:49 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-02-20 14:28:49 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-02-20 14:28:44 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-20 14:28:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-02-20 14:19:57 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010-02-20 12:06:43 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2010-02-20 11:57:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2000-09-12 12:58:26 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
< End of report >
[mod]Use a codebox for logs[/mod]

This post was edited by Katarina on 20 05 2010 - 00:41


#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 00:00

SSHNAS is there.
Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()
SRV - [2010-05-18 19:51:55 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
O4 - HKLM..\Run: [AT-Watch] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\arek\Ustawienia lokalne\Temp\Sdx.exe ()
[2010-05-19 22:19:04 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-05-19 22:05:31 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010-05-18 19:58:38 | 000,182,272 | ---- | M] () -- C:\WINDOWS\Sviwub.exe
[2010-05-18 19:51:58 | 000,182,272 | ---- | M] () -- C:\WINDOWS\Sviwua.exe
[2010-05-18 19:51:55 | 000,218,112 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010-05-18 19:52:04 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010-05-18 19:52:02 | 000,182,272 | ---- | C] () -- C:\WINDOWS\Sviwua.exe
[2010-05-18 19:52:00 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-05-18 19:51:55 | 000,218,112 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll

:Services
SSHNAS

:Commands
[emptytemp]
[resethosts]
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking "Run Scan".
Post the new OTL.txt log and the removal report.
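Added example, not from the thread and not part of OTL: a small Python triage script that parses OTL-format lines like the ones in the fix above and applies the same heuristics the reply relies on (a service or NetSvcs entry in System32 with no company name, a Run entry that is orphaned or loads from Temp, a random-looking Run value name, a hidden .job task, an executable with no company name directly in C:\WINDOWS). The sample lines are copied from the fix script above plus two benign NOD32 lines that must not be flagged; the rule names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: OTL-format lines copied from the fix script in the reply above,
# plus two benign lines (NOD32 service and driver) that must NOT be flagged.
SAMPLE_LOG = r"""
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()
SRV - [2010-05-18 19:51:55 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010-05-19 21:30:37 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
O4 - HKLM..\Run: [AT-Watch] File not found
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\arek\Ustawienia lokalne\Temp\Sdx.exe ()
[2010-05-19 22:19:04 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-05-18 19:58:38 | 000,182,272 | ---- | M] () -- C:\WINDOWS\Sviwub.exe
[2010-05-19 21:30:37 | 000,015,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
"""

# OTL's per-file metadata block: [date time | size | attributes | M or C]
META_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\]"
)
# First parenthesised group is the embedded company name; "()" means none.
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)")
# Drive-letter path, ending before " -- ", " (" or end of line.
PATH_RE = re.compile(r"(?P<path>[A-Z]:\\[^()\r\n]*?)(?=\s*(?:--|\(|$))")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# Value names like M5T8QL3YW3: upper-case alphanumerics only, at least one digit.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")
WINDOWS_ROOT_EXE_RE = re.compile(r"c:\\windows\\[^\\]+\.exe")


@dataclass
class Finding:
    rule: str  # constructed rule name, not an OTL term
    line: str


def triage(text: str) -> List[Finding]:
    """Apply the thread's triage heuristics to OTL-format lines and return the hits."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        meta = META_RE.search(line)
        company_m = COMPANY_RE.search(line)
        company = company_m.group("company").strip() if company_m else None
        path_m = PATH_RE.search(line)
        path = path_m.group("path").strip().lower() if path_m else ""

        # 1. Service or NetSvcs entry living in System32 with no company name.
        if line.startswith(("SRV - ", "NetSvcs: ")) and company == "" and "\\system32\\" in path:
            findings.append(Finding("service-no-company-system32", line))

        # 2. Run keys: orphaned entry, loader in a Temp folder, random-looking value name.
        run = RUN_RE.match(line)
        if run:
            if run.group("rest") == "File not found":
                findings.append(Finding("run-orphan", line))
            elif "\\temp\\" in path:
                findings.append(Finding("run-from-temp", line))
            if RANDOM_NAME_RE.match(run.group("name")):
                findings.append(Finding("run-random-name", line))

        # 3. Hidden scheduled-task .job file (the -H-- attribute) in C:\WINDOWS\tasks.
        if meta and "H" in meta.group("attr") and "\\windows\\tasks\\" in path:
            findings.append(Finding("hidden-task-job", line))

        # 4. Executable dropped directly in C:\WINDOWS with no company name.
        if meta and company == "" and WINDOWS_ROOT_EXE_RE.fullmatch(path):
            findings.append(Finding("exe-in-windows-root-no-company", line))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.line}")


if __name__ == "__main__":
    main()
```

The two NOD32 lines pass through unflagged, which is the point of the company-name and location checks: an empty company field alone is not a verdict, only the combination with where the file sits and how it is started.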

#5 jezior

jezior

    Observer

  • 6 posts

Posted 20 05 2010 - 20:34

Here is the new log
OTL logfile created on: 2010-05-20 20:13:34 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\arek\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 10,83 Gb Free Space | 55,44% Space Free | Partition Type: NTFS
Drive D: | 63,47 Gb Total Space | 42,69 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 66,04 Gb Total Space | 55,35 Gb Free Space | 83,82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AREK-12260384B8
Current User Name: arek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-19 22:18:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-05-19 21:30:37 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2010-05-19 21:30:37 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2010-04-04 20:57:49 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010-04-03 09:55:48 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-02-20 18:41:18 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (SafeList) ==========

MOD - [2010-05-19 22:18:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006-05-03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - [2010-05-19 21:30:37 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2010-04-04 20:57:49 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001-10-26 19:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset)

========== Driver Services (SafeList) ==========

DRV - [2010-05-19 21:30:37 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2010-05-19 21:30:37 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2010-04-08 07:12:47 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010-02-20 11:48:11 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-08-07 11:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-13 17:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (Jraid)
DRV - [2007-04-04 13:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007-04-04 13:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007-04-04 13:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007-04-04 13:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007-04-04 13:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007-04-04 13:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007-04-04 13:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-12-22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005-12-22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005-12-22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1708250
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010-04-04 20:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-18 20:04:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-01 20:04:19 | 000,000,000 | ---D | M]

[2010-02-20 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Extensions
[2010-05-19 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions
[2010-04-18 12:17:52 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010-02-20 14:01:42 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010-04-18 12:18:06 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010-03-16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\k16rlsym.default\searchplugins\conduit.xml
[2010-05-19 20:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-20 13:42:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-05-01 20:04:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-02-20 18:41:07 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010-03-24 19:36:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2007-07-26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010-03-24 19:36:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-24 19:36:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-24 19:36:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-24 19:36:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-24 19:36:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-20 20:07:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\arek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKCU\..Trusted Domains: windowsecurity.com ([www] https in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010-02-20 11:36:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-05-20 20:03:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-19 21:31:02 | 000,512,096 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010-05-19 21:31:02 | 000,298,104 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010-05-19 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Anti Trojan Elite
[2010-05-19 20:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2010-05-19 20:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Moje dokumenty\a-squared
[2010-05-19 20:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\AnitiMalware
[2010-05-18 21:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-17 20:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\HIJACK
[2010-05-16 21:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Pulpit
[2010-05-16 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\CDex150beta7
[2010-05-09 19:35:33 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-05-09 19:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\SH2
[2010-05-09 19:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-05-01 20:04:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-05-01 20:04:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-05-01 20:04:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-05-01 20:04:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-05-01 15:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage

========== Files - Modified Within 30 Days ==========

[2010-05-20 20:08:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-20 20:08:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-20 20:07:20 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\arek\NTUSER.DAT
[2010-05-20 20:07:20 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\arek\ntuser.ini
[2010-05-20 20:07:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-05-19 21:30:38 | 000,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010-05-19 21:30:37 | 000,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010-05-19 21:30:37 | 000,015,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010-05-19 21:22:17 | 001,114,126 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-19 21:22:17 | 000,500,302 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-19 21:22:17 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-19 21:22:17 | 000,088,838 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-19 21:22:17 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-19 21:12:16 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\Anti Trojan Elite.lnk
[2010-05-19 15:28:59 | 003,686,454 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\aaa.bmp
[2010-05-18 22:21:04 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\How to check-set your IE settings.url
[2010-05-18 21:05:08 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-05-18 20:11:08 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2010-05-17 21:25:41 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\HiJackThis.lnk
[2010-05-16 21:31:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-16 21:04:03 | 000,005,930 | ---- | M] () -- C:\WINDOWS\CDex.INI
[2010-05-16 19:47:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\SCDA_PL.tga
[2010-05-16 18:28:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2010-05-16 16:07:43 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-10 19:29:36 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-05-09 19:35:33 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-05-09 15:52:15 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DDS Converter 2.lnk
[2010-05-06 09:23:44 | 000,265,613 | ---- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\Zdjęcie003.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\Folder.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Large.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArtSmall.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Small.jpg
[2010-05-01 15:43:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-21 20:37:19 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\MoorHunt.lnk

========== Files Created - No Company Name ==========

[2010-05-19 21:31:02 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010-05-19 21:12:16 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\Anti Trojan Elite.lnk
[2010-05-19 15:28:59 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\aaa.bmp
[2010-05-18 22:21:04 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\How to check-set your IE settings.url
[2010-05-18 20:11:08 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2010-05-17 20:03:07 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\HiJackThis.lnk
[2010-05-16 20:57:14 | 000,005,930 | ---- | C] () -- C:\WINDOWS\CDex.INI
[2010-05-16 19:47:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\SCDA_PL.tga
[2010-05-06 09:23:07 | 000,265,613 | ---- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\Zdjęcie003.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\Folder.jpg
[2010-05-04 10:01:32 | 000,012,701 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Large.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArtSmall.jpg
[2010-05-04 10:01:32 | 000,003,104 | -HS- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\AlbumArt_{6367C771-4E8D-4058-992E-0FD544C87A45}_Small.jpg
[2010-04-08 07:12:47 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010-04-04 20:57:49 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010-03-14 19:37:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-02-21 17:05:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-02-20 19:56:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-20 14:28:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-02-20 14:28:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-20 14:28:49 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-02-20 14:28:49 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-02-20 14:28:44 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-20 14:28:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-02-20 14:19:57 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010-02-20 12:06:43 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2010-02-20 11:57:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2000-09-12 12:58:26 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll

< End of report >

And this is the report
All processes killed
========== OTL ==========
SSHNAS removed from NetSvcs value successfully!
Error: Unable to stop service SSHNAS!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS deleted successfully.
C:\WINDOWS\system32\sshnas21.dll moved successfully.
Error: Unable to stop service SSHNAS!
Service\Driver key SSHNAS not found.
File C:\WINDOWS\system32\sshnas21.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AT-Watch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.
C:\Documents and Settings\arek\Ustawienia lokalne\Temp\Sdx.exe moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\WINDOWS\Sviwub.exe moved successfully.
C:\WINDOWS\Sviwua.exe moved successfully.
File C:\WINDOWS\System32\sshnas21.dll not found.
File C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
File C:\WINDOWS\Sviwua.exe not found.
File C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File C:\WINDOWS\System32\sshnas21.dll not found.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service SSHNAS!
Service\Driver key SSHNAS not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: arek
->Temp folder emptied: 10143023 bytes
->Temporary Internet Files folder emptied: 71545458 bytes
->Java cache emptied: 1570856 bytes
->FireFox cache emptied: 91460359 bytes
->Flash cache emptied: 13989 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17840 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.0 log created on 05202010_200359

Files\Folders moved on Reboot...
C:\Documents and Settings\arek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S94PD0OT\0f107703-27b9-4e72-af16-8bb6243067a6[2].htm moved successfully.
C:\Documents and Settings\arek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S94PD0OT\st[1] moved successfully.
C:\Documents and Settings\arek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\MXXZGF5X\0f107703-27b9-4e72-af16-8bb6243067a6[1].htm moved successfully.
C:\Documents and Settings\arek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\MXXZGF5X\excellentsearching_com[1].htm moved successfully.
C:\Documents and Settings\arek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2YAF69PA\excellentsearching_com[1].htm moved successfully.
C:\Documents and Settings\arek\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...


#6 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 20:42

I no longer see an infection in the new log.
But also run >>MBAM
If it detects anything, let it remove it, and post the report here.


#7 jezior

jezior

    Observer

  • 6 posts

Posted 20 05 2010 - 21:17

I got a bit scared, there was a lot of it. Here is the log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4121
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 7.0.5730.13

2010-05-20 21:09:46
mbam-log-2010-05-20 (21-09-46).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 203884
Upłynęło: 19 minut(y), 37 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 4
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 13

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
C:\Program Files\Anti Trojan Elite\MSVCRTD.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP30\A0010240.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP30\A0010242.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP36\A0016140.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP51\A0033566.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP52\A0036034.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP53\A0036273.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP53\A0036320.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP53\A0040369.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\madCHook.dll (MadCodeHook) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{B8E92A23-F60A-4C29-A574-BEE55B51F032}\RP32\A0011629.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{D4C6726E-0076-4FBB-A547-2592785CDBBE}\RP141\A0101624.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{D4C6726E-0076-4FBB-A547-2592785CDBBE}\RP145\A0105175.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


[mod]If you can't manage these logs, wait for the moderators to respond and don't immediately open further topics B) you may simply be having temporary problems[/mod]

This post was edited by Katarina on 20 05 2010 - 22:21


#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 21:32

So it was worth running MBAM.
I think it is clean now.