bryken

Terribly High Pings, Something Is Slowing the Computer Down


HijackThis log: http://wklej.org/id/e35ae8a4a2 or, alternatively, here


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:07:21, on 2008-03-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UAService.exe

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\GDS Byte Counter\gbc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\WinFast\WFDTV\WFWIZ.exe

C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\My Downloads\rmclock_225_bin\RMClock.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\uTorrent\uTorrent.exe

C:\My Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [GDS Byte Counter] C:\Program Files\GDS Byte Counter\gbc.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031408 serial=DR12WCD-0124438-cdp lang=EN

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe

O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RMClock] "C:\My Downloads\rmclock_225_bin\RMClockLauncher.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Documents and Settings\Administrator\Pulpit\Hello\PicasaCapture.dll (file missing)

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Documents and Settings\Administrator\Pulpit\Hello\PicasaCapture.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/InstFred.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

 

--

End of file - 8535 bytes

 

Silent Runners log: http://wklej.org/id/a3bb9bd9ef

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"RMClock" = ""C:\My Downloads\rmclock_225_bin\RMClockLauncher.exe"" ["RightMark Gathering, iXBT.com"]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"RivaTunerStartupDaemon" = ""C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S" [empty string]

"OODefragTray" = "C:\WINDOWS\system32\oodtray.exe" ["O&O Software GmbH"]

"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"D-Link AirPlus G" = "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" ["D-Link"]

"ANIWZCS2Service" = "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" ["Alpha Networks Inc."]

"GDS Byte Counter" = "C:\Program Files\GDS Byte Counter\gbc.exe" ["GD Software"]

"CorelDRAW Graphics Suite 11b" = "D:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031408 serial=DR12WCD-0124438-cdp lang=EN" ["Corel Corporation"]

"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]

"WinFast Schedule" = "C:\Program Files\WinFast\WFDTV\WFWIZ.exe" ["Leadtek Research Inc."]

"WinFastDTV" = "C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" ["Leadtek Research Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Megaupload Toolbar"

\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"

-> {HKLM...CLSID} = "UIContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""D:\openoffice\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""D:\openoffice\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""D:\openoffice\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""D:\openoffice\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{59A3380E-5305-4cea-BD99-4F2FF510C91F}" = "FineReader9ContextMenu"

-> {HKLM...CLSID} = "FineReader9.FRContextMenu.1"

\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 9.0\FRIntegration.dll" ["ABBYY Software Ltd"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\

<<!>> "Debugger" = "C:\Program Files\Borland\Delphi7\Bin\bordbg70.exe -aeargs %ld %ld" [file not found]

 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""D:\openoffice\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

FineReader9ContextMenu\(Default) = "{59A3380E-5305-4cea-BD99-4F2FF510C91F}"

-> {HKLM...CLSID} = "FineReader9.FRContextMenu.1"

\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 9.0\FRIntegration.dll" ["ABBYY Software Ltd"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

-> {HKLM...CLSID} = "UIContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

-> {HKLM...CLSID} = "UIContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Default executables:

--------------------

 

<<!>> HKLM\SOFTWARE\Classes\.scr\(Default) = "AutoCADScriptFile"

<<!>> HKLM\SOFTWARE\Classes\AutoCADScriptFile\shell\open\command\(Default) = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoSMHelp" = (REG_DWORD) dword:0x00000001

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Help menu from Start Menu}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

 

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

-> {HKLM...CLSID} = "Megaupload Toolbar"

\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)

-> {HKLM...CLSID} = "Megaupload Toolbar"

\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

 

{B13B4423-2647-4CFC-A4B3-C7D56CB83487}\

"ButtonText" = "Share in Hello"

"MenuText" = "Share in H&ello"

"CLSIDExtension" = "{B13B4423-2647-4cfc-A4B3-C7D56CB83487}"

-> {HKLM...CLSID} = "IECmdExecute Class"

\InProcServer32\(Default) = "C:\Documents and Settings\Administrator\Pulpit\Hello\PicasaCapture.dll" [file not found]

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "C:\Documents and Settings\Administrator\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]

Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]

SecuROM User Access Service, UserAccess, "C:\WINDOWS\system32\UAService.exe" [null data]

StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]

Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Usługa licencjonowania programu ABBYY FineReader 9.0, ABBYY.Licensing.FineReader.Professional.9.0, ""C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service" ["ABBYY (BIT Software)"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

---------- (launch time: 2008-03-07 11:11:16)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 113 seconds.

---------- (total run time: 234 seconds)


I did everything as you told me:

ComboFix log

ComboFix 08-03-07.1 - Administrator 2008-03-07 19:56:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.164 [GMT 1:00]

Running from: C:\My Downloads\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\Cfx32.lic

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\Dvbpws.dll

C:\WINDOWS\system32\system\

 

.

((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))

.

 

2008-03-07 19:54 . 2008-03-07 19:55 <DIR> d-------- C:\Program Files\Java

2008-03-07 19:54 . 2008-03-07 19:54 <DIR> d-------- C:\Program Files\Common Files\Java

2008-03-07 19:39 . 2008-03-07 19:39 <DIR> d-------- C:\Program Files\CCleaner

2008-03-01 17:54 . 2008-03-01 17:54 <DIR> d-------- C:\Program Files\ESET

2008-03-01 17:54 . 2008-03-01 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET

2008-02-27 23:01 . 2008-03-07 12:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-27 23:01 . 2008-02-27 23:01 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-24 19:51 . 2008-02-24 19:51 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0

2008-02-24 19:51 . 2008-02-24 19:51 324 --a------ C:\WINDOWS\pdf2word.INI

2008-02-24 19:38 . 2008-02-24 19:41 <DIR> d-------- C:\Program Files\PDF Editor 2

2008-02-24 19:38 . 2008-02-24 19:38 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe

2008-02-21 00:37 . 2008-02-21 00:37 <DIR> d-------- C:\Program Files\Foxit Software

2008-02-20 19:29 . 2008-02-20 19:30 <DIR> d-------- C:\Program Files\Angielski dla leniwych 2

2008-02-15 01:35 . 2008-02-15 01:35 <DIR> d-------- C:\Program Files\Prawo Jazdy 2006

2008-02-13 15:49 . 2008-02-13 15:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Corel

2008-02-13 15:35 . 2008-02-13 15:35 <DIR> d-------- C:\Program Files\Common Files\Corel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-07 18:04 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000

2008-03-07 16:20 --------- d-----w C:\Program Files\GDS Byte Counter

2008-03-07 11:13 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent

2008-02-13 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-13 14:35 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-12 20:24 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-06 13:00 --------- d-----w C:\Program Files\Valve

2008-02-06 12:18 --------- d-----w C:\Program Files\Piraci Nowego Świata

2008-02-02 15:43 --------- d-----w C:\Program Files\Fma

2008-02-02 12:00 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FMA

2008-02-01 18:40 --------- d-----w C:\Program Files\Usb to Serial Driver 1.12.28

2008-01-24 22:48 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Sports Interactive

2008-01-24 21:58 --------- d--h--w C:\Program Files\Zero G Registry

2008-01-19 20:16 --------- d-----w C:\Program Files\PS2_HD_HANDINESS

2008-01-16 22:47 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll

2008-01-16 22:47 --------- d-----w C:\Program Files\Hot CPU Tester Pro 4

2008-01-16 08:43 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.ux.pl2

2008-01-15 14:17 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype

2008-01-14 18:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ABBYY

2008-01-14 17:59 --------- d-----w C:\Program Files\ABBYY FineReader 9.0

2008-01-14 00:09 --------- d-----w C:\Program Files\MDT6

2008-01-13 22:08 --------- d-----w C:\Program Files\Common Files\Wextech Shared

2008-01-13 22:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2008-01-13 20:39 --------- d-----w C:\Program Files\Gadu-Gadu

2008-01-08 18:08 --------- d-----w C:\Program Files\Real Alternative

2008-01-08 18:07 --------- d-----w C:\Program Files\Common Files\Real

2008-01-07 13:22 --------- d-----w C:\Program Files\HD Tune

2007-08-26 09:41 7,780 ----a-w C:\Documents and Settings\Administrator\FMCodec.dat

2007-05-02 14:15 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2007-05-02 14:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2007-05-02 14:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012007050220070503\index.dat

2007-05-02 14:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

"RMClock"="C:\My Downloads\rmclock_225_bin\RMClockLauncher.exe" [2007-04-03 21:01 61440]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-25 16:27 2101248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" [2006-12-24 20:15 2576384]

"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 01:08 2512392]

"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 10:14 163840]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]

"GDS Byte Counter"="C:\Program Files\GDS Byte Counter\gbc.exe" [2005-09-14 17:01 241664]

"CorelDRAW Graphics Suite 11b"="D:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 21:51 1410304]

"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 17:09 409600]

"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-08-10 15:28 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe]

"TSClientMSIUninstaller"="cmd.exe" [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2007-08-24 13:44 4608 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

--------- 2005-07-19 11:36 933888 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\Program Files\FlashGet\FlashGet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-09-17 01:07 8491008 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-09-17 01:07 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]

--a------ 2004-12-20 16:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-06-16 00:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]

C:\Documents and Settings\Administrator\Pulpit\Hello\Hello.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-11-07 01:39 98304 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

--------- 2005-01-26 17:02 49152 C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-08-06 11:43 23165736 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\utorrent\\utorrent.exe"=

"D:\\Painkiller Overdose\\Bin\\Overdose.exe"=

"D:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=

"D:\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"D:\\footbal manager 2008\\fm.exe"=

 

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 07:23]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 21:52]

R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;"C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service []

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

R3 RTCore32;RTCore32;C:\My Downloads\rmclock_225_bin\RTCore32.sys [2005-05-25 09:39]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55]

S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 10:03]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b0b4217-2669-11dc-a13e-9993201023aa}]

\Shell\AutoRun\command - K:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90003724-b58f-11dc-b987-000ae66a93fd}]

\Shell\Auto\command - I:\activexdebugger32.exe f

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

\Shell\explore\Command - I:\activexdebugger32.exe f

\Shell\open\Command - I:\activexdebugger32.exe f

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99cd6db0-cf6f-11dc-b9bb-001b111299fb}]

\Shell\Auto\command - J:\activexdebugger32.exe f

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

\Shell\explore\Command - J:\activexdebugger32.exe f

\Shell\open\Command - J:\activexdebugger32.exe f

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d67f97-a066-11dc-b94a-000ae66a93fd}]

\Shell\AutoRun\command - J:\setupSNK.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-07 19:58:49

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-07 19:59:27

ComboFix-quarantined-files.txt 2008-03-07 18:59:25

 

Thanks a lot for the help.

 

The pings are back

Rychlost připojení k internetu: 1,043 Mbit/s

Rychlost stahování dat: 133,5 kByte/s

Rychlost odezvy (ping): min 31,848 ms

max 32,733 ms

Ø 32,272 ms

Edited by bryken


Fresh log from ComboFix

ComboFix 08-03-07.1 - Administrator 2008-03-07 22:50:29.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.135 [GMT 1:00]

Running from: C:\My Downloads\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\system\

 

.

((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))

.

 

2008-03-07 19:54 . 2008-03-07 19:55 <DIR> d-------- C:\Program Files\Java

2008-03-07 19:54 . 2008-03-07 19:54 <DIR> d-------- C:\Program Files\Common Files\Java

2008-03-07 19:39 . 2008-03-07 19:39 <DIR> d-------- C:\Program Files\CCleaner

2008-03-01 17:54 . 2008-03-01 17:54 <DIR> d-------- C:\Program Files\ESET

2008-03-01 17:54 . 2008-03-01 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET

2008-02-27 23:01 . 2008-03-07 12:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-27 23:01 . 2008-02-27 23:01 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-24 19:51 . 2008-02-24 19:51 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0

2008-02-24 19:51 . 2008-02-24 19:51 324 --a------ C:\WINDOWS\pdf2word.INI

2008-02-24 19:38 . 2008-02-24 19:41 <DIR> d-------- C:\Program Files\PDF Editor 2

2008-02-24 19:38 . 2008-02-24 19:38 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe

2008-02-21 00:37 . 2008-02-21 00:37 <DIR> d-------- C:\Program Files\Foxit Software

2008-02-20 19:29 . 2008-02-20 19:30 <DIR> d-------- C:\Program Files\Angielski dla leniwych 2

2008-02-15 01:35 . 2008-02-15 01:35 <DIR> d-------- C:\Program Files\Prawo Jazdy 2006

2008-02-13 15:49 . 2008-02-13 15:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Corel

2008-02-13 15:35 . 2008-02-13 15:35 <DIR> d-------- C:\Program Files\Common Files\Corel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-07 19:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000

2008-03-07 19:07 7,780 ----a-w C:\Documents and Settings\Administrator\FMCodec.dat

2008-03-07 16:20 --------- d-----w C:\Program Files\GDS Byte Counter

2008-03-07 11:13 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent

2008-02-13 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-13 14:35 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-12 20:24 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-06 13:00 --------- d-----w C:\Program Files\Valve

2008-02-06 12:18 --------- d-----w C:\Program Files\Piraci Nowego Świata

2008-02-02 15:43 --------- d-----w C:\Program Files\Fma

2008-02-02 12:00 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FMA

2008-02-01 18:40 --------- d-----w C:\Program Files\Usb to Serial Driver 1.12.28

2008-01-24 22:48 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Sports Interactive

2008-01-24 21:58 --------- d--h--w C:\Program Files\Zero G Registry

2008-01-19 20:16 --------- d-----w C:\Program Files\PS2_HD_HANDINESS

2008-01-16 22:47 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll

2008-01-16 22:47 --------- d-----w C:\Program Files\Hot CPU Tester Pro 4

2008-01-16 08:43 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.ux.pl2

2008-01-15 14:17 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype

2008-01-14 18:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ABBYY

2008-01-14 17:59 --------- d-----w C:\Program Files\ABBYY FineReader 9.0

2008-01-14 00:09 --------- d-----w C:\Program Files\MDT6

2008-01-13 22:08 --------- d-----w C:\Program Files\Common Files\Wextech Shared

2008-01-13 22:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2008-01-13 20:39 --------- d-----w C:\Program Files\Gadu-Gadu

2008-01-08 18:08 --------- d-----w C:\Program Files\Real Alternative

2008-01-08 18:07 --------- d-----w C:\Program Files\Common Files\Real

2008-01-07 13:22 --------- d-----w C:\Program Files\HD Tune

2007-05-02 14:15 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2007-05-02 14:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2007-05-02 14:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012007050220070503\index.dat

2007-05-02 14:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

"RMClock"="C:\My Downloads\rmclock_225_bin\RMClockLauncher.exe" [2007-04-03 21:01 61440]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-25 16:27 2101248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" [2006-12-24 20:15 2576384]

"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 01:08 2512392]

"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 10:14 163840]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]

"GDS Byte Counter"="C:\Program Files\GDS Byte Counter\gbc.exe" [2005-09-14 17:01 241664]

"CorelDRAW Graphics Suite 11b"="D:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 21:51 1410304]

"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 17:09 409600]

"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-08-10 15:28 90112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe]

"TSClientMSIUninstaller"="cmd.exe" [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2007-08-24 13:44 4608 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

--------- 2005-07-19 11:36 933888 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\Program Files\FlashGet\FlashGet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-09-17 01:07 8491008 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-09-17 01:07 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]

--a------ 2004-12-20 16:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-06-16 00:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]

C:\Documents and Settings\Administrator\Pulpit\Hello\Hello.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-11-07 01:39 98304 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

--------- 2005-01-26 17:02 49152 C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-08-06 11:43 23165736 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\utorrent\\utorrent.exe"=

"D:\\Painkiller Overdose\\Bin\\Overdose.exe"=

"D:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=

"D:\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"D:\\footbal manager 2008\\fm.exe"=

 

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 07:23]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 21:52]

R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;"C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service []

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

R3 RTCore32;RTCore32;C:\My Downloads\rmclock_225_bin\RTCore32.sys [2005-05-25 09:39]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55]

S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 10:03]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b0b4217-2669-11dc-a13e-9993201023aa}]

\Shell\AutoRun\command - K:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90003724-b58f-11dc-b987-000ae66a93fd}]

\Shell\Auto\command - I:\activexdebugger32.exe f

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

\Shell\explore\Command - I:\activexdebugger32.exe f

\Shell\open\Command - I:\activexdebugger32.exe f

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99cd6db0-cf6f-11dc-b9bb-001b111299fb}]

\Shell\Auto\command - J:\activexdebugger32.exe f

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

\Shell\explore\Command - J:\activexdebugger32.exe f

\Shell\open\Command - J:\activexdebugger32.exe f

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d67f97-a066-11dc-b94a-000ae66a93fd}]

\Shell\AutoRun\command - J:\setupSNK.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-07 22:51:52

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-07 22:52:25

ComboFix2.txt 2008-03-07 21:46:56

Scan from Malwarebytes

Malwarebytes' Anti-Malware 1.07

Database version: 465

 

Scan type: Quick Scan

Objects scanned: 27517

Time elapsed: 3 minute(s), 33 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

It probably would have been easier for me to install a fresh Windows :D


Uninstalled 8O Now a quick question: what should I do to avoid this junk in the future, that is, which antivirus (avast) or something else? Firefox PurePC for the net is a must.

Edited by bryken

