[wirus + logi] Czy to wirus ?
Rozpoczęty przez
Specta
, 14 11 2007 23:22
7 odpowiedzi w tym temacie
#1
Napisano 14 11 2007 - 23:22
Witam dostałem taką wiadomość:
Pod linkiem "Dalsza część wiadomości..." kryje się strona: h##p://www2.fotka.pl.host7016.kdiwr1.hk/se...1cDIJ6YGLqXRUQk
Ja oczywiście naiwnie kliknąłem a strona się nie otwarła - pojawił się jakiś błąd serwera. Czy można sprawdzić czy coś złapałem ? Jak to zrobić ?
Pod linkiem "Dalsza część wiadomości..." kryje się strona: h##p://www2.fotka.pl.host7016.kdiwr1.hk/se...1cDIJ6YGLqXRUQk
Ja oczywiście naiwnie kliknąłem a strona się nie otwarła - pojawił się jakiś błąd serwera. Czy można sprawdzić czy coś złapałem ? Jak to zrobić ?
#2
Napisano 14 11 2007 - 23:33
Daj logi z hjt i zobaczymy czy coś złapałeś
#3
Napisano 14 11 2007 - 23:39
Dzięki za szybką odpowiedź. Zamieszczam LOGA
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:46:40, on 2007-11-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Program Files\PCRemoter\pcr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\MxClock\mxClock.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Portrait Displays\DisplayTune\DTSRVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\TC PowerPack\totalcmd.exe F:\Instalacja XP\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://www.faststone.org/ThankYou.htm"]http://www.faststone.org/ThankYou.htm[/url] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" O4 - HKCU\..\Run: [PCRemoter] C:\Program Files\PCRemoter\pcr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [mxClock] C:\Program Files\MxClock\mxClock.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Desktop Calendar StartUp.lnk = C:\Program Files\Desktop Calendar\DESKCAL.EXE O4 - Global Startup: DisplayTune.lnk = C:\Program Files\Portrait Displays\DisplayTune\dthtml.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\DisplayTune\DTSRVC.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7143 bytes
Użytkownik pawel315 edytował ten post 05 01 2013 - 17:54
#4
Napisano 14 11 2007 - 23:48
Log czysty.Powiedz mi tylko czy sam instalowałeś ten [PCRemoter] program?
#5
Napisano 15 11 2007 - 00:10
Tak. To program do sterowania komputerem za pomocą pilota. Dodawany w zestawie z pilotem.
Wielkie dzięki.
Wielkie dzięki.
#6
Napisano 17 11 2007 - 19:39
Pokaż logi z: Silent Runners + ComboFix.
#7
Napisano 17 11 2007 - 19:41
odinstaluj ten programik moze pomoze..zainstaluj do pilota girdera.......mam podczerwin wlasnej roboty ktora kosztowala mnie w sumie 5 zeta i 15 min lutowania i pilot od tv
#8
Napisano 18 11 2007 - 00:14
Tutaj Silent Runners:
Tutaj ComboFix:
"Silent Runners.vbs", revision 52, [url="http://www.silentrunners.org/"]http://www.silentrunners.org/[/url] Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AWMON" = ""C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"] "PCRemoter" = "C:\Program Files\PCRemoter\pcr.exe" ["KLOSNET"] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "mxClock" = "C:\Program Files\MxClock\mxClock.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "CTSysVol" = "C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "P17Helper" = "Rundll32 P17.dll,P17Helper" [MS] "WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flag" = hex:0x00000002 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEToolbarHelper Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] "{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout" -> {HKLM...CLSID} = "Desktop Icon Layout" \InProcServer32\(Default) = "Layout.dll" ["Microsoft"] "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1" -> {HKLM...CLSID} = "dBpShell Class" \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string] "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter" -> {HKLM...CLSID} = "dMCIShell Class" \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string] "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio" -> {HKLM...CLSID} = "JetFlExt Class" \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] "{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls" -> {HKLM...CLSID} = "Registered ActiveX Controls" \InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS] "{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components" -> {HKLM...CLSID} = "Developer Studio Components" \InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{654D0431-C930-43C4-B8DA-9AA01BA5B486}" = "PDI GUI Engine COM Obj" -> {HKLM...CLSID} = "PDI GUI Engine COM Obj" \InProcServer32\(Default) = "C:\Program Files\Portrait Displays\DisplayTune\HtmlEngine.dll" ["Portrait Displays, Inc"] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] {FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler" -> {HKLM...CLSID} = "dBpShell Class" \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" -> {HKLM...CLSID} = "JetFlExt Class" \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}" -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler" \InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"] IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}" -> {HKLM...CLSID} = "Desktop Icon Layout" \InProcServer32\(Default) = "Layout.dll" ["Microsoft"] jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" -> {HKLM...CLSID} = "JetFlExt Class" \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Program Files\AutoPatcher\modules\AddOns\Wallpapers\newwalls\New Bliss.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Program Files\AutoPatcher\modules\AddOns\Wallpapers\newwalls\New Bliss.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\JP_Snow.scr" ["nufsoft.com"] Startup items in "Adi" & "All Users" startup folders: ----------------------------------------------------- C:\Documents and Settings\Adi\Menu Start\Programy\Autostart "Desktop Calendar StartUp" -> shortcut to: "C:\Program Files\Desktop Calendar\DESKCAL.EXE -OnlyDraw" ["Shinonon Free Softrware"] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "DisplayTune" -> shortcut to: "C:\Program Files\Portrait Displays\DisplayTune\dthtml.exe -startup_folder" ["Portrait Displays, Inc"] "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 12 %SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 13 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll" [null data] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Portrait Displays Display Tune Service, DTSRVC, "C:\Program Files\Portrait Displays\DisplayTune\DTSRVC.exe" [null data] Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."] Urządzenie mobilne Apple, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."] Usługa iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Canon BJ Language Monitor iP1600\Driver = "CNMLM75.DLL" ["CANON INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] PDFCreator\Driver = "pdfcmnnt.dll" [null data] ---------- (launch time: 2007-11-14 22:53:14) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 52 seconds, including 4 seconds for message boxes)
Tutaj ComboFix:
ComboFix 07-11-08.1 - Adi 2007-11-17 23:16:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.490 [GMT 1:00] Running from: F:\Instalacja XP\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL . ((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))) . 2007-11-17 23:15 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-17 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH 2007-11-17 14:52 <DIR> d-------- C:\Program Files\GRETECH 2007-11-17 14:52 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\GRETECH 2007-11-17 08:28 <DIR> d-------- C:\Program Files\MagicISO 2007-11-17 06:50 <DIR> d-------- C:\Program Files\Web Idea Tree 2007-11-16 02:11 <DIR> d-------- C:\Program Files\Computerbrains 2007-11-16 02:11 <DIR> d-------- C:\Documents and Settings\Adi\WINDOWS 2007-11-14 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-11-14 21:37 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-11-14 21:36 <DIR> d-------- C:\Program Files\PerformanceTest 2007-11-13 22:44 129,536 --a------ C:\WINDOWS\system32\IJL15.dll 2007-11-12 20:23 <DIR> d-------- C:\Program Files\PF3DEN 2007-11-11 21:30 <DIR> d-------- C:\Program Files\Arjaloc 2007-11-11 09:32 <DIR> d-------- C:\Program Files\iPod 2007-11-10 20:23 <DIR> d-------- C:\WINDOWS\[u]0[/u]4_screensaver_Prima_clock dir 2007-11-10 20:23 12,288 --a------ C:\WINDOWS\impborl.dll 2007-11-10 10:01 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\Nokia Multimedia Player 2007-11-10 09:49 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2007-11-10 09:49 <DIR> d-------- C:\Program Files\Common Files\Nokia 2007-11-10 09:47 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2007-11-10 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2007-11-09 06:34 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\JAM Software 2007-11-09 06:33 <DIR> d-------- C:\Program Files\JAM Software 2007-11-08 02:10 <DIR> d-------- C:\Program Files\Sonic Foundry 2007-11-08 02:08 <DIR> d-------- C:\Program Files\Sonic Foundry Setup 2007-11-08 01:31 <DIR> d-------- C:\Program Files\Total Video Converter 2007-11-07 19:08 <DIR> d-------- C:\Program Files\IVCsoft 2007-11-07 18:52 <DIR> d-------- C:\Program Files\Absolute Video Converter 2007-11-07 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\shctxex.vb 2007-11-07 18:45 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-07 18:45 69,632 --a------ C:\WINDOWS\system32\vzcontextmenu.dll 2007-11-07 18:45 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL 2007-11-07 18:45 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL 2007-11-07 18:36 <DIR> d-------- C:\WINDOWS\Mozilla 2007-11-07 18:08 <DIR> d-------- C:\Program Files\MediaCoder 2007-11-07 17:56 <DIR> d-------- C:\Program Files\FLVPlayer 2007-11-06 22:48 <DIR> d-------- C:\Program Files\Futuremark 2007-11-06 22:41 <DIR> d-------- C:\Program Files\Hot CPU Tester Pro 4 LE 2007-11-06 22:12 <DIR> d-------- C:\Program Files\Prime95 2007-11-06 22:05 <DIR> d-------- C:\Program Files\Intel Corporation 2007-11-04 05:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2007-11-04 05:21 <DIR> d-------- C:\Program Files\Bonjour 2007-11-04 05:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-11-04 04:56 <DIR> d-------- C:\Program Files\Adobe CS3 2007-11-01 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm 2007-11-01 11:43 <DIR> d-------- C:\Program Files\Last.fm 2007-11-01 09:37 <DIR> d-------- C:\Program Files\Acoustica CD Label Maker 2007-11-01 09:37 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\Acoustica 2007-11-01 09:29 <DIR> d-------- C:\WINDOWS\MVUNINST 2007-11-01 09:29 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared 2007-11-01 08:11 <DIR> d-------- C:\Program Files\Green Point Software 2007-11-01 06:39 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\VMware 2007-11-01 06:33 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\VMware 2007-11-01 06:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\VMware 2007-10-31 17:42 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\Picajet.com 2007-10-31 17:41 <DIR> d-------- C:\Program Files\PicaJet 2007-10-30 22:36 <DIR> d-------- C:\Program Files\Google 2007-10-29 17:46 <DIR> d-------- C:\Program Files\Access Password Recovery Genie 2007-10-28 23:56 <DIR> d-------- C:\WINDOWS\system32\Color 2007-10-28 16:05 <DIR> d-------- C:\Program Files\Neoretix 2007-10-27 18:59 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\FreeCall 2007-10-27 18:58 <DIR> d-------- C:\Program Files\FreeCall.com 2007-10-27 00:02 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-10-26 19:07 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\ACD Systems 2007-10-26 19:05 <DIR> d-------- C:\Program Files\Common Files\ACD Systems 2007-10-26 19:05 <DIR> d-------- C:\Program Files\ACD Systems 2007-10-26 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems 2007-10-26 19:05 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-10-26 05:20 <DIR> d-------- C:\Program Files\Lavalys 2007-10-26 05:05 <DIR> d-------- C:\Program Files\360 Degrees of Freedom 2007-10-26 05:05 1,146,970 --a------ C:\WINDOWS\system32\SWFWriterStandalone.dll 2007-10-23 05:20 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\DisplayTune 2007-10-23 05:19 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys 2007-10-23 05:19 9,984 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys 2007-10-23 05:18 <DIR> d-------- C:\Program Files\Portrait Displays 2007-10-21 18:46 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-10-21 18:46 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-10-21 18:31 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-10-21 15:23 <DIR> d-a------ C:\Program Files\HEXelonMAX6 2007-10-21 15:23 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\HEXelon 2007-10-21 15:02 <DIR> d-------- C:\Program Files\JoshMadison 2007-10-20 09:12 <DIR> d-------- C:\Program Files\MAUS Software 2007-10-20 09:12 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-10-20 07:38 933,694 --a------ C:\WINDOWS\JP_Snow.scr 2007-10-20 07:30 <DIR> d-------- C:\Program Files\Nufsoft 2007-10-20 07:04 <DIR> d-------- C:\Documents and Settings\Adi\Dane aplikacji\3M . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-17 22:20 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\BitTorrent 2007-11-17 22:12 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-17 09:48 --------- d-----w C:\Program Files\BitTorrent 2007-11-17 06:09 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-11-16 19:35 --------- d-----w C:\Program Files\SpeedFan 2007-11-12 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-11 08:32 --------- d-----w C:\Program Files\iTunes 2007-11-11 08:30 --------- d-----w C:\Program Files\QuickTime 2007-11-10 08:52 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Nokia 2007-11-10 08:49 --------- d-----w C:\Program Files\Nokia 2007-11-10 08:47 --------- d-----w C:\Program Files\DIFX 2007-11-06 23:11 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Sony 2007-11-04 08:51 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-02 17:15 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-10-31 17:37 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Canon 2007-10-28 13:09 --------- d-----w C:\Program Files\Gadu-Gadu 2007-10-28 09:57 --------- d-----w C:\Program Files\Soulseek 2007-10-26 22:32 --------- d-----w C:\Program Files\Ant Movie Catalog 2007-10-26 22:26 --------- d-----w C:\Program Files\LaserSoft 2007-10-26 22:22 --------- d-----w C:\Program Files\Native Instruments 2007-10-26 22:21 --------- d-----w C:\Program Files\VSTplugins 2007-10-26 22:10 --------- d-----w C:\Program Files\InterActual 2007-10-26 22:03 --------- d-----w C:\Program Files\Alchemy Mindworks 2007-10-26 22:02 --------- d-----w C:\Program Files\EarMaster Pro 5 2007-10-26 21:59 --------- d-----w C:\Program Files\Chess3D 2007-10-26 21:57 --------- d-----w C:\Program Files\BWMeter 2007-10-26 21:57 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\DeskSoft 2007-10-26 04:09 --------- d-----w C:\Program Files\FastStone Image Viewer 2007-10-19 22:02 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Thinstall 2007-10-15 22:21 --------- d-----w C:\Program Files\WinISO 2007-10-15 21:18 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Lionhead Studios 2007-10-14 11:06 --------- d-----w C:\Program Files\Mpc2mp3 2007-10-14 10:56 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2007-10-10 20:31 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Spectaculator 2007-10-10 20:22 --------- d-----w C:\Program Files\ZX Spectrum Emulator 2007-10-10 04:34 --------- d-----w C:\Program Files\Leksykonia 2007-10-07 05:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DeskSoft 2007-10-06 04:48 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\SlySoft 2007-10-05 04:23 --------- d-----w C:\Program Files\Java 2007-10-05 04:22 --------- d-----w C:\Program Files\Common Files\Java 2007-10-02 20:37 --------- d-----w C:\Program Files\TesterM 2007-10-02 20:37 --------- d-----w C:\Program Files\Apple Software Update 2007-09-30 17:59 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Lasersoft Imaging 2007-09-30 12:39 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Corel 2007-09-30 12:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield 2007-09-30 12:34 --------- d-----w C:\Program Files\Common Files\Corel 2007-09-30 12:33 --------- d-----w C:\Program Files\Corel 2007-09-30 12:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-30 06:59 --------- d-----w C:\Program Files\Kurs Photoshop CS 2007-09-29 06:23 --------- d-----w C:\Program Files\G DATA Software 2007-09-24 19:52 --------- d-----w C:\Program Files\eMule 2007-09-23 08:12 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Gadu-Gadu 2007-09-23 07:55 --------- d-----w C:\Program Files\Opera 2007-09-23 06:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avery 2007-09-22 00:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan 2007-09-22 00:05 --------- d-----w C:\Program Files\40tude Dialog 2007-09-21 22:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\EarMaster 2007-08-30 04:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-08-27 15:30 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll 2007-08-25 17:27 197,632 ----a-w C:\Program Files\HexView.exe 1999-10-30 20:54 561,152 ----a-w C:\Program Files\Convert_original.exe 1999-10-30 20:54 561,152 ----a-w C:\Program Files\Convert.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 20:43] "nwiz"="nwiz.exe" [2006-08-11 20:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 20:43] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-15 00:47] "CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe] "P17Helper"="P17.dll" [2005-05-03 18:38 C:\WINDOWS\system32\P17.dll] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2007-05-22 09:14] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 11:12] "PCRemoter"="C:\Program Files\PCRemoter\pcr.exe" [2004-08-12 16:19] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-09-23 09:13] "mxClock"="C:\Program Files\MxClock\mxClock.exe" [2006-12-30 08:43] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DisplayTune.lnk - C:\Program Files\Portrait Displays\DisplayTune\dthtml.exe [2007-10-23 05:19:06] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-15 08:59:05] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup" R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys R2 hmonitor;hmonitor;\??\C:\WINDOWS\system32\drivers\hmonitor.sys R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\DScaler\DSDrv4.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\CD_Start.exe . Contents of the 'Scheduled Tasks' folder "2007-10-02 20:37:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2007-11-17 23:22:32 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-17 23:23:24 - machine was rebooted . --- E O F ---
Użytkownik pawel315 edytował ten post 05 01 2013 - 17:53
logi wstawiłem w tagi code
Użytkownicy przeglądający ten temat: 0
0 użytkowników, 0 gości, 0 anonimowych