
Logs - Trojan removal


  • Closed: this topic is closed
5 replies to this topic

#1 kubax7

    New

  • 3 posts

Posted 11 09 2008 - 18:49

Hi, could you check my HijackThis log??? I have this problem: I scanned with this program and I think it found a lot of errors, and since I don't know much about this I'm posting a screenshot of those errors and the log. Oh, and one more request: can you tell me whether everything is OK with my processes in Task Manager? I'm posting a screenshot of that too.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:31, on 2008-09-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HoverSnap\HoverSnap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriverCD] D:\Run.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{A971F8CE-139A-4092-A70F-7BE854C2FC1B}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5581 bytes



Capture.gif




And the Task Manager


Capture1.gif



So what do you say to that???

#2 db45

    Retired

  • 945 posts

Posted 11 09 2008 - 19:10

FIX

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Generally it's clean. Post the ComboFix logs.

#3 kubax7

    New

  • 3 posts

Posted 11 09 2008 - 20:22

I have this LOG

ComboFix 08-09-10.04 - Jakub 2008-09-11 20:18:08.1 - NTFSx86
Uruchomiony z: E:\Pliki z internetu\ComboFix.exe
 * Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-11 do 2008-09-11  )))))))))))))))))))))))))))))))
.

2008-09-11 18:37 . 2008-09-11 18:37	<DIR>	d--------	C:\Program Files\Trend Micro
2008-09-11 17:28 . 2008-09-11 17:28	<DIR>	d--------	C:\Program Files\Common Files\Sonic Shared
2008-09-11 17:19 . 2008-09-11 17:26	<DIR>	d--------	C:\Program Files\HP
2008-09-11 17:18 . 2008-09-11 17:29	81,111	--a------	C:\WINDOWS\hpfins05.dat
2008-09-11 17:18 . 2005-05-27 16:18	1,547	---------	C:\WINDOWS\hpfmdl05.dat
2008-09-11 16:50 . 2008-09-11 17:27	<DIR>	d--------	C:\Program Files\Common Files\HP
2008-09-11 16:19 . 2008-09-11 20:19	<DIR>	d--h-----	C:\Documents and Settings\Michalina\Ustawienia lokalne
2008-09-11 16:19 . 2008-09-11 16:19	<DIR>	dr-------	C:\Documents and Settings\Michalina\Ulubione
2008-09-11 16:19 . 2007-01-13 13:55	<DIR>	d--h-----	C:\Documents and Settings\Michalina\Szablony
2008-09-11 16:19 . 2008-09-11 19:07	<DIR>	d--------	C:\Documents and Settings\Michalina\Pulpit
2008-09-11 16:19 . 2008-09-11 19:03	<DIR>	dr-------	C:\Documents and Settings\Michalina\Moje dokumenty
2008-09-11 16:19 . 2007-01-13 14:48	<DIR>	dr-------	C:\Documents and Settings\Michalina\Menu Start
2008-09-11 16:19 . 2008-09-11 16:19	<DIR>	dr-h-----	C:\Documents and Settings\Michalina\Dane aplikacji
2008-09-11 16:19 . 2008-09-11 16:19	<DIR>	d--------	C:\Documents and Settings\Michalina
2008-09-11 16:11 . 2008-09-11 16:11	<DIR>	d--------	C:\Program Files\ACD Systems
2008-09-11 10:10 . 2008-09-11 10:10	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-09-11 09:42 . 2008-09-11 09:42	<DIR>	d--------	C:\Program Files\TweakNow RegCleaner Std
2008-09-11 08:53 . 2008-09-11 08:54	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-09-11 08:48 . 2008-09-11 08:55	1,207	--a------	C:\WINDOWS\unins000.dat
2008-09-11 04:12 . 2008-01-03 16:10	105,856	-ra------	C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-09-11 04:04 . 2008-09-11 04:04	<DIR>	d--------	C:\Program Files\Intel
2008-09-11 04:04 . 2007-12-12 09:56	53,248	-ra------	C:\WINDOWS\system32\CSVer.dll
2008-09-11 04:04 . 2004-08-03 23:08	20,480	--a------	C:\WINDOWS\system32\drivers\usbuhci.sys
2008-09-11 04:04 . 2004-08-03 23:08	20,480	--a--c---	C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-09-11 04:03 . 2008-09-11 04:03	<DIR>	d--------	C:\Program Files\GIGABYTE
2008-09-11 04:03 . 2008-09-11 04:03	<DIR>	d--------	C:\Intel
2008-09-11 04:02 . 2008-09-11 20:19	16,608	--a------	C:\WINDOWS\gdrv.sys
2008-09-10 23:15 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-09-10 23:14 . 2008-09-10 23:14	<DIR>	d--------	C:\Program Files\MSBuild
2008-09-10 23:14 . 2008-09-10 23:14	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-09-10 23:12 . 2008-09-10 23:12	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-09-10 23:11 . 2008-09-10 23:11	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
2008-09-10 23:10 . 2008-09-10 23:11	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-09-10 23:10 . 2008-09-10 23:10	<DIR>	dr-h-----	C:\MSOCache
2008-09-10 23:10 . 2008-09-10 23:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-10 22:57 . 2007-10-11 11:10	30,008	--a------	C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-09-10 22:36 . 2008-09-10 22:36	<DIR>	d--------	C:\WINDOWS\OPTIONS
2008-09-10 22:35 . 2008-09-10 22:35	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\InstallShield
2008-09-10 22:33 . 2008-09-10 22:33	<DIR>	d--------	C:\WINDOWS\system32\RTCOM
2008-09-10 22:33 . 2007-11-14 09:18	553	-r-------	C:\WINDOWS\USetup.iss
2008-09-10 22:32 . 2008-09-10 22:36	<DIR>	d--------	C:\Program Files\Realtek
2008-09-03 15:06 . 2006-11-30 15:14	97,088	-ra------	C:\WINDOWS\system32\drivers\se45mdm.sys
2008-09-03 15:04 . 2008-09-03 15:04	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\Sony Ericsson
2008-08-29 20:56 . 2008-08-29 20:59	<DIR>	d--------	C:\Program Files\uTorrent
2008-08-29 20:56 . 2008-09-11 16:54	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\uTorrent
2008-08-25 09:44 . 2008-08-25 09:44	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\DAEMON Tools
2008-08-24 12:25 . 2008-08-24 12:25	<DIR>	d--------	C:\Program Files\AskSBar
2008-08-24 12:25 . 2008-08-24 12:25	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-08-24 11:28 . 2008-08-29 20:09	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\BitTorrent


And in HijackThis, can I delete those entries that show up after scanning with HijackThis, or not??

#4 wncvirus

    Lazy !

  • 851 posts

Posted 11 09 2008 - 20:28

Post the whole ComboFix log.

#5 db45

    Retired

  • 945 posts

Posted 11 09 2008 - 20:29

Click Do a System Scan and Save Logfile, and after that the log will be shown in the program's window. Tick the entry I gave you and press Fix Checked.

The ComboFix log is cut off, paste the whole thing.


@wnc was faster :P
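The triage above (post #2 picks out the O3 toolbar line that ends in "(no file)" as the one entry to fix, post #5 describes the Fix Checked step) is easy to mechanise. The following is an added example, not code from the thread or from HijackThis: a small parser for the HijackThis line shapes visible in the log (R*/O2/O3/O4/O9/O18/O23), which extracts CLSIDs and backing files and flags orphaned entries, i.e. those HijackThis reported as "(no file)". The regexes are this example's own; the sample input is a subset of the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line shapes taken from the HijackThis log posted above, e.g.
#   O3 - Toolbar: (no name) - {CLSID} - (no file)
#   O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
# The regexes are this example's own, written against those lines (assumption).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    code: str                  # HijackThis section code: R0, R1, O2, O3, O4, O23, ...
    rest: str                  # everything after "<code> - "
    clsid: Optional[str] = None
    name: Optional[str] = None
    path: Optional[str] = None
    orphaned: bool = False     # HijackThis printed "(no file)" for the backing file


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for process lists, headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    entry = Entry(code=code, rest=rest)
    clsid = CLSID_RE.search(rest)
    if clsid:
        entry.clsid = clsid.group(0)
    if code in ("O2", "O3", "O9", "O18", "O23"):
        # COM objects and services: the last " - " separated field is the backing file.
        head, _, tail = rest.rpartition(" - ")
        entry.name = head.split(": ", 1)[-1].split(" - ")[0] if head else None
        entry.path = tail.strip()
        entry.orphaned = entry.path.lower() == "(no file)"
    elif code == "O4":
        run = RUN_RE.match(rest)
        if run:
            entry.name, entry.path = run.group("name"), run.group("cmd")
        elif rest.startswith("Global Startup: "):
            # O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
            entry.name, _, entry.path = rest[len("Global Startup: "):].partition(" = ")
    return entry


def parse_log(text: str) -> list[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned_entries(entries: list[Entry]) -> list[Entry]:
    """Entries whose registered file is gone: the usual 'Fix Checked' candidates."""
    return [e for e in entries if e.orphaned]


def section_counts(entries: list[Entry]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("sections:", section_counts(entries))
    for e in orphaned_entries(entries):
        print(f"FIX candidate: {e.code} {e.name} {e.clsid} -> {e.path}")
```

Running it on the full log prints exactly the O3 line db45 marked for fixing; the section counts give a quick overview of how many BHOs, Run keys and services a log registers before reading it line by line.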

#6 kubax7

    New

  • 3 posts

Posted 11 09 2008 - 20:46

I think the log is good now




ComboFix 08-09-10.04 - Jakub 2008-09-11 20:42:16.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1650 [GMT 2:00]
Uruchomiony z: E:\Pliki z internetu\ComboFix.exe
 * Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-11 do 2008-09-11  )))))))))))))))))))))))))))))))
.

2008-09-11 18:37 . 2008-09-11 18:37	<DIR>	d--------	C:\Program Files\Trend Micro
2008-09-11 17:28 . 2008-09-11 17:28	<DIR>	d--------	C:\Program Files\Common Files\Sonic Shared
2008-09-11 17:19 . 2008-09-11 17:26	<DIR>	d--------	C:\Program Files\HP
2008-09-11 17:18 . 2008-09-11 17:29	81,111	--a------	C:\WINDOWS\hpfins05.dat
2008-09-11 17:18 . 2005-05-27 16:18	1,547	---------	C:\WINDOWS\hpfmdl05.dat
2008-09-11 16:50 . 2008-09-11 17:27	<DIR>	d--------	C:\Program Files\Common Files\HP
2008-09-11 16:19 . 2008-09-11 20:43	<DIR>	d--h-----	C:\Documents and Settings\Michalina\Ustawienia lokalne
2008-09-11 16:19 . 2008-09-11 16:19	<DIR>	dr-------	C:\Documents and Settings\Michalina\Ulubione
2008-09-11 16:19 . 2007-01-13 13:55	<DIR>	d--h-----	C:\Documents and Settings\Michalina\Szablony
2008-09-11 16:19 . 2008-09-11 19:07	<DIR>	d--------	C:\Documents and Settings\Michalina\Pulpit
2008-09-11 16:19 . 2008-09-11 19:03	<DIR>	dr-------	C:\Documents and Settings\Michalina\Moje dokumenty
2008-09-11 16:19 . 2007-01-13 14:48	<DIR>	dr-------	C:\Documents and Settings\Michalina\Menu Start
2008-09-11 16:19 . 2008-09-11 16:19	<DIR>	dr-h-----	C:\Documents and Settings\Michalina\Dane aplikacji
2008-09-11 16:19 . 2008-09-11 16:19	<DIR>	d--------	C:\Documents and Settings\Michalina
2008-09-11 16:11 . 2008-09-11 16:11	<DIR>	d--------	C:\Program Files\ACD Systems
2008-09-11 10:10 . 2008-09-11 10:10	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-09-11 09:42 . 2008-09-11 09:42	<DIR>	d--------	C:\Program Files\TweakNow RegCleaner Std
2008-09-11 08:53 . 2008-09-11 08:54	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-09-11 04:12 . 2008-01-03 16:10	105,856	-ra------	C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-09-11 04:04 . 2008-09-11 04:04	<DIR>	d--------	C:\Program Files\Intel
2008-09-11 04:04 . 2007-12-12 09:56	53,248	-ra------	C:\WINDOWS\system32\CSVer.dll
2008-09-11 04:04 . 2004-08-03 23:08	20,480	--a------	C:\WINDOWS\system32\drivers\usbuhci.sys
2008-09-11 04:04 . 2004-08-03 23:08	20,480	--a--c---	C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-09-11 04:03 . 2008-09-11 04:03	<DIR>	d--------	C:\Program Files\GIGABYTE
2008-09-11 04:03 . 2008-09-11 04:03	<DIR>	d--------	C:\Intel
2008-09-11 04:02 . 2008-09-11 20:43	16,608	--a------	C:\WINDOWS\gdrv.sys
2008-09-10 23:15 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-09-10 23:14 . 2008-09-10 23:14	<DIR>	d--------	C:\Program Files\MSBuild
2008-09-10 23:14 . 2008-09-10 23:14	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-09-10 23:12 . 2008-09-10 23:12	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-09-10 23:11 . 2008-09-10 23:11	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
2008-09-10 23:10 . 2008-09-10 23:11	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-09-10 23:10 . 2008-09-10 23:10	<DIR>	dr-h-----	C:\MSOCache
2008-09-10 23:10 . 2008-09-10 23:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-10 22:57 . 2007-10-11 11:10	30,008	--a------	C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-09-10 22:36 . 2008-09-10 22:36	<DIR>	d--------	C:\WINDOWS\OPTIONS
2008-09-10 22:35 . 2008-09-10 22:35	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\InstallShield
2008-09-10 22:33 . 2008-09-10 22:33	<DIR>	d--------	C:\WINDOWS\system32\RTCOM
2008-09-10 22:33 . 2007-11-14 09:18	553	-r-------	C:\WINDOWS\USetup.iss
2008-09-10 22:32 . 2008-09-10 22:36	<DIR>	d--------	C:\Program Files\Realtek
2008-09-03 15:06 . 2006-11-30 15:14	97,088	-ra------	C:\WINDOWS\system32\drivers\se45mdm.sys
2008-09-03 15:04 . 2008-09-03 15:04	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\Sony Ericsson
2008-08-29 20:56 . 2008-08-29 20:59	<DIR>	d--------	C:\Program Files\uTorrent
2008-08-29 20:56 . 2008-09-11 20:33	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\uTorrent
2008-08-25 09:44 . 2008-08-25 09:44	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\DAEMON Tools
2008-08-24 12:25 . 2008-08-24 12:25	<DIR>	d--------	C:\Program Files\AskSBar
2008-08-24 12:25 . 2008-08-24 12:25	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-08-24 11:28 . 2008-08-29 20:09	<DIR>	d--------	C:\Documents and Settings\Jakub\Dane aplikacji\BitTorrent

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 18:42	---------	d-----w	C:\Program Files\Neostrada TP
2008-09-11 18:33	---------	d-----w	C:\Program Files\Common Files\ACD Systems
2008-09-11 15:04	---------	d-----w	C:\Program Files\Hewlett-Packard
2008-09-11 07:37	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-09-11 06:07	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-09-11 05:45	---------	d-----w	C:\Program Files\Common Files\Ahead
2008-09-10 20:36	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-10 20:32	315,392	----a-w	C:\WINDOWS\HideWin.exe
2008-09-03 13:30	---------	d-----w	C:\Program Files\Common Files\Teleca Shared
2008-08-29 18:30	---------	d-----w	C:\Documents and Settings\Jakub\Dane aplikacji\Azureus
2008-08-25 20:38	---------	d-----w	C:\Program Files\HoverSnap
2008-08-25 07:44	717,296	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-08-18 10:27	---------	d-----w	C:\Documents and Settings\Jakub\Dane aplikacji\Samsung
2008-08-18 10:10	5,632	----a-w	C:\WINDOWS\system32\drivers\StarOpen.sys
2008-07-15 13:37	23	----a-w	C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-15 13:37	---------	d-----w	C:\Program Files\SAGEM
2008-06-15 09:40	221,184	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-06-15 06:20	81,920	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-02-03 17:55	22,328	----a-w	C:\Documents and Settings\Jakub\Dane aplikacji\PnkBstrK.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-09-11_20.19.24.81   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-11 18:33:16	81,920	----a-r	C:\WINDOWS\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeDesktopShortcu_AE80641A0C8D4670A518B4EC154B1027.exe
+ 2008-09-11 18:33:16	81,920	----a-r	C:\WINDOWS\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeePMShortcut_AE80641A0C8D4670A518B4EC154B1027.exe
+ 2008-09-11 18:33:16	81,920	----a-r	C:\WINDOWS\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeShowroomShortc_B2D418833BFC4BA0A2F65A2C9836C238.exe
+ 2008-09-11 18:33:16	81,920	----a-r	C:\WINDOWS\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ARPPRODUCTICON.exe
+ 2008-09-11 18:33:16	45,056	----a-r	C:\WINDOWS\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
+ 2006-11-07 11:36:54	562,704	----a-w	C:\WINDOWS\system32\ACDSee.scr
+ 2002-01-05 01:38:38	54,784	----a-w	C:\WINDOWS\system32\msvci70.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 8491008]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-14 917504]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 709992]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 81920]
"GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"nwiz"="nwiz.exe" [2007-09-16 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
NOD32 FiX.lnk - C:\WINDOWS\system32\regedt32.exe [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18572:TCP"= 18572:TCP:BitComet 18572 TCP
"18572:UDP"= 18572:UDP:BitComet 18572 UDP
"59950:TCP"= 59950:TCP:BitComet 59950 TCP
"59950:UDP"= 59950:UDP:BitComet 59950 UDP
"54321:TCP"= 54321:TCP:BitComet 54321 TCP
"54321:UDP"= 54321:UDP:BitComet 54321 UDP
"5950:TCP"= 5950:TCP:BitComet 5950 TCP
"5950:UDP"= 5950:UDP:BitComet 5950 UDP
"15307:TCP"= 15307:TCP:BitComet 15307 TCP
"15307:UDP"= 15307:UDP:BitComet 15307 UDP
"18762:TCP"= 18762:TCP:BitComet 18762 TCP
"18762:UDP"= 18762:UDP:BitComet 18762 UDP
"7297:TCP"= 7297:TCP:BitComet 7297 TCP
"7297:UDP"= 7297:UDP:BitComet 7297 UDP
"18589:TCP"= 18589:TCP:BitComet 18589 TCP
"18589:UDP"= 18589:UDP:BitComet 18589 UDP
"12494:TCP"= 12494:TCP:BitComet 12494 TCP
"12494:UDP"= 12494:UDP:BitComet 12494 UDP
"11823:TCP"= 11823:TCP:BitComet 11823 TCP
"11823:UDP"= 11823:UDP:BitComet 11823 UDP
"20114:TCP"= 20114:TCP:BitComet 20114 TCP
"20114:UDP"= 20114:UDP:BitComet 20114 UDP

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-05-12 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-05-12 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-05-12 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-05-12 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-05-12 83344]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [ ]
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [ ]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464d712e-82fa-11dc-b0ff-4d6564696130}]
\Shell\AutoRun\command - F:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79fd02b7-a63a-11db-ac2f-001617b67c04}]
\Shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe54223a-a4c0-11dc-b1d5-4d6564696130}]
\Shell\AutoRun\command - G:\setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Jakub\Dane aplikacji\Mozilla\Firefox\Profiles\cm8zllyu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - interia.pl
FF -: plugin - C:\Program Files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.0_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 20:43:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-11 20:44:24
ComboFix-quarantined-files.txt  2008-09-11 18:44:18
ComboFix2.txt  2008-09-11 18:19:50

Przed: 25,200,889,856 bajtów wolnych
Po: 25,195,724,800 bajtów wolnych

214

