falar

A Spy in the PC (Szpieg W Kompie)


Hello once again (since this is not my first post in this section). Once again, the problem is not with my own computer. I wasn't able to see the "patient" myself, so all the information I have came via GG. So: a friend suspects he has some kind of spyware on his computer. The symptoms I know of are messages being sent on GG (i.e. they go out from my friend's number even though he didn't send them) and unknown attempts to log in to his Allegro account.

Silent Runners log:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"Shareaza" = ""C:\Program Files\Shareaza\Shareaza.exe" -tray" ["Shareaza Development Team"]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Six Engine" = ""C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r" [empty string]

"Drive Xpert" = "C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe" ["Silicon Image, Inc."]

"Launch Direct Link" = ""C:\Program Files\ASUS\AI Direct Link\AsShare.exe"" [empty string]

"Launch As Cmd Runner" = ""C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg" [null data]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"mcagent_exe" = "C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" ["McAfee, Inc."]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]

"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"

-> {HKLM...CLSID} = "Adobe PDF Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\(Default) = "McAntiPhishingBHO"

-> {HKLM...CLSID} = "McAfee Phishing Filter"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\msk\mcapbho.dll" ["McAfee, Inc."]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\scriptsn.dll" ["McAfee, Inc."]

{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}\(Default) = (no title provided)

-> {HKLM...CLSID} = "UrlHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"

-> {HKLM...CLSID} = "CtxMenu Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"

-> {HKLM...CLSID} = "CtxMenu Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Default executables:

--------------------

 

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

 

Windows Portable Device AutoPlay Handlers

-----------------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

 

HPUnloadAutoplay\

"Provider" = "Przesyłanie HP i Szybki wydruk"

"InvokeProgID" = "HpqUnApl.Autoplay"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

 

MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

 

MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

 

MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

 

MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

 

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

 

 

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

 

 

Enabled Scheduled Tasks:

------------------------

 

"McDefragTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."]

"McQcTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]

"WebReg Officejet 5600 series" -> launches: "C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe "Officejet 5600 series"" ["Hewlett-Packard Co."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{196C3A46-4758-433D-A600-802C804AF39C}"

-> {HKLM...CLSID} = "Shareaza MediaBar"

\InProcServer32\(Default) = "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" ["Shareaza"]

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{196C3A46-4758-433D-A600-802C804AF39C}" = (no title provided)

-> {HKLM...CLSID} = "Shareaza MediaBar"

\InProcServer32\(Default) = "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" ["Shareaza"]

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

57xx SteelVine, 57xx SteelVine Manager, "C:\Program Files\ASUS\Drive Xpert\SteelVine.exe" [null data]

France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]

McAfee Anti-Spam Service, MSK80Service, ""C:\Program Files\McAfee\MSK\MskSrver.exe"" ["McAfee, Inc."]

McAfee Network Agent, McNASvc, ""c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]

McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]

McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]

McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]

McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]

McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

hpzsnt12\Driver = "hpzsnt12.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2009-01-08 19:50:25)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 20 seconds.

---------- (total run time: 46 seconds)

ComboFix log:

ComboFix 09-01-08.01 - Administrator 2009-01-08 19:41:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1540 [GMT 1:00]

Run from: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))

.

 

2009-01-03 10:38 . 2009-01-04 11:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-03 10:38 . 2009-01-04 11:19 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-01-03 10:34 . 2009-01-03 10:36 15,083,520 --a------ c:\program files\spybotsd160.exe

2009-01-02 21:57 . 2009-01-02 21:57 <DIR> d-------- c:\program files\Trend Micro

2009-01-02 21:56 . 2009-01-02 21:56 812,344 --a------ c:\program files\HJTInstall.exe

2009-01-02 08:26 . 2009-01-02 08:26 <DIR> d-------- c:\program files\MSXML 4.0

2009-01-02 08:26 . 2009-01-02 08:26 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2008-12-31 14:21 . 2008-12-31 14:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP

2008-12-31 14:20 . 2008-12-31 14:21 <DIR> d-------- c:\program files\Common Files\HP

2008-12-31 14:19 . 2008-12-31 14:19 <DIR> d-------- c:\program files\Hewlett-Packard

2008-12-31 14:18 . 2008-12-31 14:18 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard

2008-12-31 14:14 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-12-31 14:14 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-12-31 14:13 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-31 14:13 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll

2008-12-31 14:13 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll

2008-12-31 14:13 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll

2008-12-31 14:13 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe

2008-12-31 14:13 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe

2008-12-31 14:13 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll

2008-12-31 14:12 . 2008-12-31 14:21 <DIR> d-------- c:\program files\HP

2008-12-31 14:10 . 2008-12-31 14:10 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\HP

2008-12-31 14:10 . 2008-12-31 14:31 113,856 --a------ c:\windows\hpoins07.dat

2008-12-31 14:10 . 2005-05-24 09:22 21,124 --------- c:\windows\hpomdl07.dat

2008-12-31 13:48 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-12-31 13:48 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-12-31 13:47 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys

2008-12-31 13:47 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2008-12-26 19:16 . 2008-12-26 19:16 <DIR> d-------- c:\program files\Shareaza

2008-12-26 19:16 . 2008-12-26 19:16 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Shareaza

2008-12-26 19:13 . 2008-12-26 19:13 <DIR> d-------- c:\program files\Shareaza Applications

2008-12-26 19:10 . 2008-12-26 19:16 6,744,741 --a------ c:\program files\ShareazaV4pl.exe

2008-12-26 17:06 . 2008-12-26 17:06 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\363B9

2008-12-25 16:48 . 2008-12-25 16:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\B94

2008-12-24 09:33 . 2008-12-24 09:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\1B1B5

2008-12-23 23:13 . 2006-11-12 12:39 483,328 --a------ c:\windows\system32\actskn45.ocx

2008-12-21 16:10 . 2008-12-21 16:10 <DIR> d-------- c:\program files\ai

2008-12-21 14:43 . 2008-12-21 14:43 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Media Player Classic

2008-12-21 00:54 . 2008-12-23 00:00 652 --a------ c:\windows\eReg.dat

2008-12-21 00:40 . 2008-12-21 00:40 <DIR> d-------- c:\program files\GameSpy Arcade

2008-12-21 00:39 . 2008-12-21 00:39 <DIR> d-------- c:\program files\EA GAMES

2008-12-20 23:05 . 2009-01-01 14:17 <DIR> d-------- c:\documents and settings\Administrator\.jpi_cache

2008-12-20 23:05 . 2008-12-20 23:05 <DIR> d-------- c:\documents and settings\Administrator\.java

2008-12-19 22:44 . 2008-12-19 22:44 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu

2008-12-19 22:11 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2008-12-19 22:11 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2008-12-19 21:45 . 2008-12-19 21:45 <DIR> d-------- c:\program files\Gadu-Gadu

2008-12-19 21:45 . 2008-12-31 11:37 <DIR> d-------- c:\documents and settings\Administrator\Gadu-Gadu

2008-12-19 21:40 . 2008-12-31 11:27 4,350,416 --a------ c:\program files\gg77.exe

2008-12-19 17:05 . 2004-08-23 14:50 32,768 --a------ c:\windows\system32\WooDial2000.dll

2008-12-19 17:04 . 2008-12-19 17:04 <DIR> d-------- c:\windows\system32\alertModule

2008-12-19 17:04 . 2008-12-19 17:04 <DIR> d-------- c:\program files\Thomson

2008-12-19 17:04 . 2003-12-08 11:53 70,688 --a------ c:\windows\system32\drivers\alcaudsl.sys

2008-12-19 17:04 . 2003-12-08 11:53 53,600 --a------ c:\windows\system32\drivers\alcan5wn.sys

2008-12-19 17:04 . 2003-12-08 11:53 5,606 --a------ c:\windows\system32\stci.dll

2008-12-19 17:04 . 2003-12-08 11:53 5,280 --a------ c:\windows\system32\drivers\alcawh.sys

2008-12-19 17:04 . 2003-12-08 11:53 3,968 --a------ c:\windows\system32\drivers\alcacr.sys

2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\program files\Java

2008-12-19 17:03 . 2003-08-04 14:22 94,208 --a------ c:\windows\system32\W32n50.dll

2008-12-19 17:03 . 2002-11-01 20:15 45,175 --------- c:\windows\system32\plugincpl140_03.cpl

2008-12-19 17:03 . 2002-11-01 20:15 41,068 --------- c:\windows\system32\ActPanel.dll

2008-12-19 17:03 . 2004-08-23 14:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe

2008-12-19 17:03 . 2005-10-06 15:55 36,864 --a------ c:\windows\system32\IfHelper.dll

2008-12-19 17:03 . 2003-08-04 14:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS

2008-12-19 17:02 . 2009-01-08 17:46 <DIR> d-------- c:\program files\neostrada tp

2008-12-19 17:01 . 2008-12-19 17:01 <DIR> d--hs---- c:\windows\ftpcache

2008-12-18 15:05 . 2009-01-08 17:47 9,447 --a------ c:\windows\system32\Config.MPF

2008-12-18 15:04 . 2008-12-18 15:04 <DIR> d-------- c:\program files\K-Lite Codec Pack

2008-12-18 15:03 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys

2008-12-18 15:03 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys

2008-12-18 15:03 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys

2008-12-18 15:03 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys

2008-12-18 15:03 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys

2008-12-18 15:03 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys

2008-12-18 15:02 . 2008-12-18 15:02 <DIR> d-------- c:\program files\McAfee.com

2008-12-18 15:02 . 2009-01-06 08:57 <DIR> d-------- c:\program files\McAfee

2008-12-18 15:02 . 2008-12-18 15:03 <DIR> d-------- c:\program files\Common Files\McAfee

2008-12-18 13:44 . 2008-12-18 15:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\McAfee

2008-12-18 13:38 . 2008-12-18 13:38 0 --a------ c:\windows\nsreg.dat

2008-12-18 13:30 . 2008-12-18 13:30 <DIR> d-------- c:\program files\MSECache

2008-12-18 13:16 . 2008-12-18 13:16 <DIR> d-------- c:\program files\Common Files\Adobe

2008-12-18 13:04 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll

2008-12-18 13:04 . 2008-12-18 13:04 421 --a------ c:\windows\ODBC.INI

2008-12-18 13:03 . 2008-12-18 13:03 <DIR> d-------- c:\program files\Microsoft.NET

2008-12-18 13:01 . 2008-12-18 13:03 <DIR> d-------- c:\windows\SHELLNEW

2008-12-18 12:37 . 2008-12-18 12:37 <DIR> d-------- c:\windows\system32\pl

2008-12-18 12:37 . 2008-12-18 12:37 <DIR> d-------- c:\windows\system32\bits

2008-12-18 12:37 . 2008-12-18 12:37 <DIR> d-------- c:\windows\l2schemas

2008-12-18 12:36 . 2008-12-18 12:36 <DIR> d-------- c:\windows\ServicePackFiles

2008-12-18 12:30 . 2004-08-04 00:35 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2008-12-18 12:24 . 2008-12-18 12:24 <DIR> d-------- c:\program files\Windows Media Connect 2

2008-12-18 12:24 . 2006-10-04 15:06 1,197,294 --a--c--- c:\windows\system32\dllcache\sysmain.sdb

2008-12-18 12:23 . 2008-12-18 12:23 <DIR> d-------- c:\windows\system32\LogFiles

2008-12-18 12:23 . 2008-12-18 12:24 <DIR> d-------- c:\windows\system32\drivers\UMDF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-02 11:43 139,264 ----a-w c:\windows\system32\hpzjrd01.dll

2008-12-31 12:36 881 ----a-w c:\program files\pekoa24.prv

2008-12-22 22:53 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-18 10:44 --------- d-----w c:\program files\ASUS

2008-12-18 10:39 --------- d-----w c:\program files\Downloaded Installations

2008-12-18 10:34 --------- d-----w c:\program files\Common Files\InstallShield

2008-12-18 10:34 --------- d-----w c:\program files\AGEIA Technologies

2008-12-18 10:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-18 10:18 319,488 ----a-w c:\windows\HideWin.exe

2008-12-18 10:18 --------- d-----w c:\program files\Realtek

2008-12-18 10:15 --------- d-----w c:\program files\Intel

2008-12-18 09:38 --------- d-----w c:\program files\microsoft frontpage

2008-12-18 09:36 --------- d-----w c:\program files\Usługi online

2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll

2008-11-12 12:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll

2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll

.

 

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

2008-07-15 12:33 394688 --a------ c:\program files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{196C3A46-4758-433D-A600-802C804AF39C}"= "c:\program files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2008-07-15 480704]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{196C3A46-4758-433D-A600-802C804AF39C}"= "c:\program files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2008-07-15 480704]

 

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]

[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]

[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"Drive Xpert"="c:\program files\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-22 10235904]

"Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]

"Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]

"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"e:\\GRY\\MOHAA.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

 

R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-12-18 38400]

R4 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [2008-05-22 1286144]

.

Zawartość folderu 'Zaplanowane zadania'

 

2008-12-18 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2009-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2009-01-07 c:\windows\Tasks\WebReg Officejet 5600 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 00:21]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.shareazaweb.com/pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: { - c:\program files\Messenger\msmsgs.exe

TCP: {4AE7D711-2E31-48C8-A479-EE4875F1B5CA} = 194.204.159.1 217.98.63.164

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\kcfz0spt.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.shareazaweb.com/pl/

FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\kcfz0spt.default\extensions\SignPlugin@pekao.pl\plugins\NPSignPluginPEKAO.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 19:41:59

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

Czas ukończenia: 2009-01-08 19:42:44

ComboFix-quarantined-files.txt 2009-01-08 18:42:41

 

Przed: 153 185 931 264 bajtów wolnych

Po: 153,229,758,464 bajtów wolnych

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

257 --- E O F --- 2009-01-02 07:26:16

"HijackThis" log:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:59:08, on 2009-01-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ASUS\Drive Xpert\SteelVine.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe

C:\Program Files\ASUS\AI Direct Link\AsShare.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\neostrada tp\neostradatp.exe

C:\Program Files\neostrada tp\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\neostrada tp\Watch.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [Drive Xpert] C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe

O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"

O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229602726890

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE7D711-2E31-48C8-A479-EE4875F1B5CA}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{4AE7D711-2E31-48C8-A479-EE4875F1B5CA}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\ASUS\Drive Xpert\SteelVine.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7886 bytes
