Please check my HijackThis log
Author Message
fuks
Guest
Posted: 2010-05-09, 12:46   Please check my HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:15, on 2010-05-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.allplayer.org/thankyou.php?ver=V4.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5959 bytes
 
   
@Blade@

Helped: 8 times
Posted: 2010-05-09, 13:29   

Uninstall DAEMON Tools Toolbar. HijackThis produces far too sparse a log for today's standards, so post logs from: OTL and GMER
fuks
Guest
Posted: 2010-05-09, 13:40   Please check my HijackThis log

OTL log:


OTL logfile created on: 2010-05-09 14:37:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Fuks\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 65,98 Gb Free Space | 88,53% Space Free | Partition Type: NTFS
Drive D: | 74,51 Gb Total Space | 46,37 Gb Free Space | 62,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W-2445EEDC12734
Current User Name: Fuks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-09 14:35:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
PRC - [2010-05-07 11:21:32 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010-04-03 13:35:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-12-04 16:36:33 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007-12-04 15:00:23 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007-12-04 15:00:16 | 000,140,664 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007-12-04 14:59:53 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2007-12-04 14:59:01 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007-11-14 12:54:24 | 002,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-09-07 16:54:54 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007-05-07 16:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2006-11-24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2006-06-27 17:21:14 | 001,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2006-06-15 13:36:18 | 000,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006-06-09 11:37:18 | 000,471,552 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2006-06-05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


========== Modules (SafeList) ==========

MOD - [2010-05-09 14:35:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll


========== Win32 Services (SafeList) ==========

SRV - [2007-12-04 16:36:33 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-12-04 15:00:16 | 000,140,664 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2007-12-04 14:59:53 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2007-12-04 14:59:01 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2006-06-05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2010-04-24 21:59:57 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-05-21 06:12:56 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-05-02 08:48:54 | 000,027,648 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteatapi.sys -- (ITEATAPI)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-12-04 16:55:46 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2007-12-04 16:53:39 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007-12-04 16:51:52 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2007-12-04 16:49:02 | 000,026,624 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007-08-02 18:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2006-05-29 09:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006-05-29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006-05-29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006-05-29 09:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005-12-09 10:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-12-06 18:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004-10-29 12:21:14 | 000,025,067 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,regnow.com"

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-06 20:49:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-06 20:49:57 | 000,000,000 | ---D | M]

[2010-03-16 20:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Extensions
[2010-05-09 12:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions
[2010-04-24 22:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010-04-29 21:20:57 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010-05-09 13:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010-03-16 20:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\autofillForms@blueimp.net
[2010-05-09 14:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\DTToolbar@toolbarnet.com
[2010-04-24 21:59:59 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\searchplugins\daemon-search.xml
[2010-05-09 12:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Fuks\Menu Start\Programy\Autostart\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-07 21:07:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ecea372-4fdc-11df-ac85-0014857ce9a9}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-05-09 14:35:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
[2010-05-09 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-05-09 13:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-08 14:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Pulpit\paktofonika - kinematografia
[2010-05-06 20:50:19 | 000,000,000 | ---D | C] -- C:\Downloads
[2010-05-06 20:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\BitComet
[2010-05-05 13:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2010-05-01 19:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\TS3Client
[2010-05-01 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010-04-24 22:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\GARMIN
[2010-04-24 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010-04-24 21:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-04-24 21:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\DAEMON Tools Lite
[2010-04-24 21:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-04-13 18:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steganos Internet Anonym 2006
[2010-04-12 22:24:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-04-12 22:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\Sincell
[2010-04-12 22:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sincell
[2010-04-12 22:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sincell
[2010-04-11 21:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\Hide IP NG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-05-09 14:38:20 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\gmer.zip
[2010-05-09 14:35:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
[2010-05-09 14:27:18 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\HiJackThis.lnk
[2010-05-09 14:25:54 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-09 14:25:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-09 14:25:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-05-09 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-05-09 12:17:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-09 12:16:56 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-05-09 12:16:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-08 23:40:58 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Fuks\NTUSER.DAT
[2010-05-08 23:40:58 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Fuks\ntuser.ini
[2010-05-08 23:40:53 | 005,858,174 | -H-- | M] () -- C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-05 11:51:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-04 14:50:37 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-05-01 19:01:40 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-04-27 17:14:30 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2010-04-27 15:26:45 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\clubfm.m3u
[2010-04-24 21:59:58 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2010-04-24 21:59:57 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-04-20 17:57:09 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\Xfire.lnk
[2010-04-19 15:50:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010-04-17 22:08:22 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\Counter-Strike.lnk
[2010-04-16 22:26:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-05-09 14:38:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\gmer.exe
[2010-05-09 14:38:19 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\gmer.zip
[2010-05-09 13:35:02 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Fuks\Menu Start\Programy\Autostart\Xfire.lnk
[2010-05-09 13:23:33 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\HiJackThis.lnk
[2010-05-04 14:50:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-05-04 14:50:37 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-05-01 19:01:40 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-04-27 15:26:44 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\clubfm.m3u
[2010-04-24 21:59:58 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2010-04-24 21:59:57 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-04-20 17:57:09 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\Xfire.lnk
[2010-04-19 15:50:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-04-16 22:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-03-07 21:23:30 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-03-07 21:23:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010-03-07 21:23:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-03-07 21:23:27 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-03-07 21:23:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-03-07 21:19:04 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-03-07 21:14:30 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-05-21 06:12:56 | 000,007,274 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2009-05-01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-12-07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2010-04-24 21:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-03-07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2010-03-13 23:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-03-07 21:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-12 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sincell
[2010-05-06 20:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\BitComet
[2010-04-24 22:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\DAEMON Tools Lite
[2010-04-24 22:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Datalayer
[2010-03-07 22:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Gadu-Gadu
[2010-03-13 23:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Gadu-Gadu 10
[2010-04-24 22:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\GARMIN
[2010-04-11 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Hide IP NG
[2010-03-09 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Nokia
[2010-03-07 21:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\PC Suite
[2010-04-12 22:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Sincell
[2010-05-01 19:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\TS3Client
[2010-05-06 21:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\uTorrent
[2010-05-09 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >
 
   
fuks
Guest
Posted: 2010-05-09, 13:58   Please check my HijackThis log

and the GMER log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 14:57:39
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Fuks\USTAWI~1\Temp\fwxyyfog.sys

.text ...

---- System - GMER 1.0.15 ----

INT 0x62 ? 89BE6BF8
INT 0x63 ? 89C57BF8
INT 0x82 ? 89BE6BF8
INT 0x83 ? 89943BF8
INT 0xA4 ? 89943BF8
INT 0xB4 ? 89943BF8

---- Devices - GMER 1.0.15 ----

Device \Driver\ahvnoaci \Device\Scsi\ahvnoaci1 898CA1F8
Device \Driver\ahvnoaci \Device\Scsi\ahvnoaci1Port3Path0Target0Lun0 898CA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom0 898F91F8
Device \Driver\Cdrom \Device\CdRom1 898F91F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C551F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C551F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C551F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C551F8
Device \Driver\Ftdisk \Device\FtControl 89BE71F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BE71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BE71F8
Device \Driver\iteraid \Device\Scsi\iteraid1 89BE51F8
Device \Driver\NetBT \Device\NetbiosSmb 8964A368
Device \Driver\NetBT \Device\NetBT_Tcpip_{3571FE5A-5F06-4547-ACDB-154E97E41A6D} 8964A368
Device \Driver\NetBT \Device\NetBt_Wins_Export 8964A368
Device \Driver\PCI_PNP8172 \Device\00000041 spcz.sys
Device \Driver\sptd \Device\3026714422 spcz.sys

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBFDO-4 899261F8
Device \Driver\usbehci \Device\USBPDO-4 899261F8
Device \Driver\usbuhci \Device\USBFDO-0 89942318
Device \Driver\usbuhci \Device\USBFDO-1 89942318
Device \Driver\usbuhci \Device\USBFDO-2 89942318
Device \Driver\usbuhci \Device\USBFDO-3 89942318
Device \Driver\usbuhci \Device\USBPDO-0 89942318
Device \Driver\usbuhci \Device\USBPDO-1 89942318
Device \Driver\usbuhci \Device\USBPDO-2 89942318
Device \Driver\usbuhci \Device\USBPDO-3 89942318
Device \FileSystem\Cdfs \Cdfs 898B6500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89915500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89915500
Device \FileSystem\Ntfs \Ntfs 89C521F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spcz.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ahvnoaci.SYS B6F5B386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ahvnoaci.SYS B6F5B3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ahvnoaci.SYS B6F5B3C4 3 Bytes [00, 80, 02]
.text ahvnoaci.SYS B6F5B3C9 1 Byte [30]
.text ahvnoaci.SYS B6F5B3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spcz.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01197C38 C:\Program Files\Xfire\xfire_toucan_42424.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01197D38 C:\Program Files\Xfire\xfire_toucan_42424.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7062360, 0x3CEED5, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xA1 0xB7 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0xF4 0xBC 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0x93 0x0C 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xA1 0xB7 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0xF4 0xBC 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0x93 0x0C 0x62 ...

SSDT spcz.sys ZwCreateKey [0xB7EB50E0]
SSDT spcz.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spcz.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spcz.sys ZwOpenKey [0xB7EB50C0]
SSDT spcz.sys ZwQueryKey [0xB7ECE20A]
SSDT spcz.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spcz.sys ZwSetValueKey [0xB7ECE29C]

---- Kernel code sections - GMER 1.0.15 ----

? spcz.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B6FFB8AC 5 Bytes JMP 899431D8

---- EOF - GMER 1.0.15 ----
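Added example, not part of the thread and not GMER's own tooling: a short Python script that reads a GMER 1.0.15 report in the layout posted above, groups the SSDT and IAT hooks by the module GMER attributes them to, and then uses the report's own Device and Reg lines to tie that module to a service and an install path. On the lines from this log, spcz.sys carries the SSDT hooks and the atapi/i8042prt IAT hooks, it backs the \Driver\sptd device object, and the sptd service's Cfg @p0 value points at C:\Program Files\DAEMON Tools Lite\, which is the chain a reviewer follows before treating those hooks as the SPTD driver that DAEMON Tools installs rather than as an unknown rootkit. The script only attributes; it does not verify the driver file on disk, which is still worth doing. The embedded sample log is constructed (a subset of the lines above); the line regexes, the "(unresolved)" bucket for IAT entries GMER could not attribute to a module, and the function names are my own assumptions, not GMER's.

```python
"""Group the hooks in a GMER 1.0.15 text report by hooking module and tie
each module back to a service and install path using the report's own
Device and Reg lines.  Added example; not from the thread or from GMER."""
import re
from collections import defaultdict

# Constructed sample: a subset of the report above, same line shapes.
# Raw string, so the backslashes are literal as in real GMER output.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.15 ----

Device \Driver\Cdrom \Device\CdRom0 898F91F8
Device \Driver\PCI_PNP8172 \Device\00000041 spcz.sys
Device \Driver\sptd \Device\3026714422 spcz.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spcz.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

SSDT spcz.sys ZwCreateKey [0xB7EB50E0]
SSDT spcz.sys ZwOpenKey [0xB7EB50C0]
SSDT spcz.sys ZwQueryValueKey [0xB7ECE08A]
"""

# Line shapes as they appear in the posted report (assumed from that log).
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
# Resolved IAT entries end in "[addr] module"; unresolved ones end in a bare address.
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>[^\[\s]+)\[(?P<symbol>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|[0-9A-Fa-f]{8})\s*$")
# Device lines GMER resolved to a module name (a bare address is left alone).
DEVICE_RE = re.compile(
    r"^(?:Device|AttachedDevice)\s+(?P<drvobj>\\(?:Driver|FileSystem)\\\S+)\s+\S+\s+"
    r"(?P<module>\S+\.sys)(?:\s+\((?P<desc>[^)]*)\))?", re.IGNORECASE)
# Only the active control set; SPTD stores its install path in the @p0 value.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<service>[^\\@\s]+)\S*@p0\s+(?P<path>.+?)\s*$")


def parse_gmer(text):
    """Return {module: record}. A record lists the SSDT functions, IAT
    (target, symbol) pairs and driver objects attributed to the module,
    plus the owning service's install path when a Reg line gives one.
    IAT entries with no module are collected under '(unresolved)'."""
    modules = defaultdict(lambda: {"ssdt": [], "iat": [], "driver_objects": [],
                                   "description": None, "owner_path": None})
    service_paths = {}
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            modules[m["module"]]["ssdt"].append(m["func"])
        elif m := IAT_RE.match(line):
            target = m["target"].rsplit("\\", 1)[-1]
            modules[m["module"] or "(unresolved)"]["iat"].append((target, m["symbol"]))
        elif m := DEVICE_RE.match(line):
            rec = modules[m["module"]]
            name = m["drvobj"].rsplit("\\", 1)[-1]
            if name not in rec["driver_objects"]:
                rec["driver_objects"].append(name)
            rec["description"] = m["desc"] or rec["description"]
        elif m := REG_RE.match(line):
            service_paths[m["service"].lower()] = m["path"]
    # A module that backs \Driver\<svc> is loaded by service <svc>, so the
    # path GMER dumped for that service is the install location of the hooker.
    for rec in modules.values():
        for name in rec["driver_objects"]:
            if name.lower() in service_paths:
                rec["owner_path"] = service_paths[name.lower()]
                break
    return dict(modules)


def hooking_summary(text):
    """(module, hook_count, owner) rows, heaviest hooker first."""
    rows = []
    for mod, rec in parse_gmer(text).items():
        owner = rec["owner_path"] or rec["description"] or "unknown"
        rows.append((mod, len(rec["ssdt"]) + len(rec["iat"]), owner))
    return sorted(rows, key=lambda r: (-r[1], r[0].lower()))


if __name__ == "__main__":
    for mod, count, owner in hooking_summary(SAMPLE_LOG):
        print(f"{mod:14} hooks={count:<2} owner: {owner}")
```

Run it as-is to see the sample summarised; pointing it at a full saved GMER report is a matter of passing that file's text to hooking_summary(). Modules that hook but never appear in a resolved Device or Reg line stay "unknown", and that is exactly the case that deserves a closer look.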
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-05-09, 17:33   

There is practically nothing here.
Run OTL -> in the Custom Scans/Fixes box paste:
Quote:
:OTL
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
[2010-05-09 14:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\DTToolbar@toolbarnet.com
[2010-04-24 21:59:59 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\searchplugins\daemon-search.xml
O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2010-05-04 14:50:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=-

:Commands
[emptytemp]

Click Run Fix. Then:

In OTL click CleanUp

Clean the disk and the registry with CCleaner

Turn System Restore off and back on for all drives -> Instructions

Run a full scan with Malwarebytes' Anti-Malware - if it finds anything, remove it and post the report

Install the newest version of Avast -> http://www.instalki.pl/pr..._Antivirus.html
 
   
fuks
Guest
Posted: 2010-05-09, 18:17   

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-05-09 19:15:53
mbam-log-2010-05-09 (19-15-53).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|G:\|)
Objects scanned: 129575
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{431A4DC6-B071-4CAE-B631-37716FAD2C73}\RP78\A0031567.dll (Malware.Packer.T) -> No action taken.
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-05-09, 18:59   

Turn System Restore off and back on for all drives -> Instructions

And it should be fine.