Logs - Trojans detected


  • Closed: This topic is closed
3 replies in this topic

#1 McMokasyn

McMokasyn

    New

  • 2 posts

Posted 04 05 2009 - 12:27

CODE-BOX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:06, on 2009-05-04
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Startup: [TBox] 8 iPod Games.torrent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6840 bytes


User eunstachy edited this post 04 05 2009 - 13:09

  • 0

#2 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 04 05 2009 - 12:35

C:\WINDOWS\system32\temp1.exe
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O20 - AppInit_DLLs:



"Fix" the entries above:
>>Hijack>>scan(Do a system scan only)>>select them >>Fix checked.

Post a ComboFix log

  • 0

#3 McMokasyn

McMokasyn

    New

  • 2 posts

Posted 04 05 2009 - 12:41

CODE-BOX
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\copy.exe
C:\host.exe
c:\windows\autorun.inf
c:\windows\svchost.exe
c:\windows\system32\temp1.exe
c:\windows\system32\temp2.exe
c:\windows\xcopy.exe
D:\Autorun.inf
D:\copy.exe
D:\host.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-04 do 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-03 19:52 . 2009-05-03 21:01 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\Hamachi
2009-05-03 19:52 . 2009-05-03 19:52 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-03 18:14 . 2009-05-03 19:59 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-03 18:14 . 2009-05-03 19:59 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-03 18:14 . 2009-05-03 19:59 12067 ----atw c:\windows\system32\SIntf16.dll
2009-05-01 17:32 . 2009-05-01 17:32 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-05-01 17:15 . 2009-05-01 17:15 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-05-01 17:15 . 2009-05-01 17:15 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Propellerhead Software
2009-05-01 17:15 . 2009-05-01 17:15 225280 ----a-w c:\windows\system32\ReWire.dll
2009-05-01 17:15 . 2009-05-01 17:16 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\Propellerhead Software
2009-05-01 10:15 . 2009-05-01 10:19 -------- d-----w c:\program files\America's Army Deploy Client
2009-04-30 19:49 . 2009-05-01 10:15 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\America's Army Deploy Client
2009-04-17 14:01 . 2009-04-17 14:01 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\Styler
2009-04-17 13:59 . 2009-04-17 14:01 -------- d-----w c:\program files\Styler
2009-04-17 13:29 . 2009-04-17 13:29 -------- d-----w c:\documents and settings\NdL\Ustawienia lokalne\Dane aplikacji\Cooliris
2009-04-11 20:40 . 2009-04-11 20:40 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-07 13:56 . 2009-04-07 13:56 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software
2009-04-04 11:27 . 2009-04-04 11:27 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\id Software

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 10:43 . 2008-04-21 08:35 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 09:22 . 2008-04-21 09:46 189392 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-04 09:21 . 2008-04-21 09:46 138016 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-03 18:39 . 2008-04-21 08:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 13:54 . 2004-08-03 22:44 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-07 14:02 . 2008-04-21 09:45 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-07 13:56 . 2009-02-10 16:08 22328 ----a-w c:\documents and settings\NdL\Dane aplikacji\PnkBstrK.sys
2009-04-07 13:56 . 2009-03-09 06:45 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-03-19 14:08 . 2009-03-19 14:08 -------- d-----w c:\program files\Kwyshell
2009-03-19 14:04 . 2009-03-19 14:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-19 14:04 . 2009-03-19 14:04 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\Common Files\Nokia
2009-03-19 14:03 . 2009-03-19 14:02 -------- d-----w c:\program files\Nokia
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\DIFX
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-16 10:11 . 2009-03-16 10:11 -------- d-----w c:\program files\Orban
2009-03-14 07:16 . 2009-03-14 07:16 -------- d-----w c:\program files\ipla
2009-03-11 20:08 . 2008-05-31 11:09 -------- d-----w c:\program files\XAC
2009-03-06 05:56 . 2009-03-05 22:19 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-05 22:20 . 2009-03-05 22:19 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-05 22:19 . 2009-03-05 21:43 -------- d-----w c:\program files\WinAce
2009-03-05 22:17 . 2009-03-05 22:17 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-05 21:49 . 2009-03-05 21:49 -------- d-----w c:\program files\7-Zip
2009-02-09 22:30 . 2009-02-09 22:30 249592 ----a-w c:\windows\system32\cssdll32.dll
2009-02-09 13:47 . 2009-02-13 23:33 227 ----a-w c:\windows\system.tmp
2009-02-07 09:14 . 2009-02-07 09:14 56 ---ha-w c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-02 1657376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NdL\Menu Start\Programy\Autostart\
Styler.lnk - c:\documents and settings\NdL\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-4-17 15086]
[TBox] 8 iPod Games.torrent [2009-2-14 31783]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-21 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Gry\\Fm09\\play\\fm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-03 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]


--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\NdL\Dane aplikacji\Mozilla\Firefox\Profiles\53a6irib.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: c:\documents and settings\NdL\Dane aplikacji\Mozilla\Firefox\Profiles\53a6irib.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 12:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-861567501-448539723-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:38,93,a9,af,e9,ae,4a,c9,a2,e6,e0,6d,42,96,80,0f,ab,3b,e8,91,34,
4a,82,14,29,33,cc,e1,4c,7e,0f,c2,87,cc,84,3c,bf,af,9f,70,e6,e7,88,90,fb,19,\
"rkeysecu"=hex:b8,e6,fd,c6,73,c0,8a,0d,12,c9,00,3b,17,48,16,78
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-05-04 12:45
ComboFix-quarantined-files.txt 2009-05-04 10:45
ComboFix2.txt 2009-02-09 13:49

Przed: 1 483 968 512 bajtów wolnych
Po: 2 165 694 464 bajtów wolnych

179

User eunstachy edited this post 04 05 2009 - 13:10

  • 0

#4 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 07 05 2009 - 00:52

Clean

  • 0



