Skocz do zawartości

  2. Przeglądanie profilu: Posty: MAGx2

MAGx2

Rejestracja: 30 sty 2008
OFFLINE Ostatnio: 11 09 2008 16:25
-----

Moje posty

W temacie: Program do "ochrony" przed niepożądaną treścią najmłodszych

02 09 2008 - 19:34

Wielkie dzięki za pomoc :)

W temacie: Logi - Podejrzenie infekcji

25 08 2008 - 09:51

Wielkie dzięki za pomoc :unsure: i poświęcenie swojego czasu :P

W temacie: Logi - Podejrzenie infekcji

24 08 2008 - 16:58

Zrobiłem to co mówiłeś i wrzucam raport.

[b]SDFix: Version 1.219 [/b]
Run by Administrator on 2008-08-24 at 16:28

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found




Folder C:\Documents and Settings\MAG\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Folder C:\Documents and Settings\MAG\Menu Start\Antivirus 2009 - Removed


Removing Temp Files

[b]ADS Check [/b]:
 


								 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 16:35:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:a2,65,f0,24,ad,45,ec,ca,8c,5c,ed,b3,c0,cc,44,1d,45,ce,0c,d5,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:07,04,55,bc,67,6a,04,13,0f,85,59,6c,84,d7,fd,bb,82,c0,56,e1,6c,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0c,4b,74,96,7c,ce,62,43,64,db,1d,d0,10,0f,4e,b2,02,..
"khjeh"=hex:89,81,0a,27,ba,fd,a5,35,06,9b,7b,e0,d6,c4,16,97,ba,36,f8,e5,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,57,5f,fc,d4,d0,a5,01,fd,36,51,ee,fd,4a,5a,e4,b2,67,f8,f7,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:7b,d9,17,91,4f,41,77,d0,f3,17,57,44,81,ae,7e,c5,36,cf,23,bf,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:da,1a,31,da,0a,77,bf,db,2a,e6,8c,40,14,f8,f7,e8,8a,91,de,8e,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:a2,65,f0,24,ad,45,ec,ca,8c,5c,ed,b3,c0,cc,44,1d,45,ce,0c,d5,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:07,04,55,bc,67,6a,04,13,0f,85,59,6c,84,d7,fd,bb,82,c0,56,e1,6c,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0c,4b,74,96,7c,ce,62,43,64,db,1d,d0,10,0f,4e,b2,02,..
"khjeh"=hex:89,81,0a,27,ba,fd,a5,35,06,9b,7b,e0,d6,c4,16,97,ba,36,f8,e5,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,57,5f,fc,d4,d0,a5,01,fd,36,51,ee,fd,4a,5a,e4,b2,67,f8,f7,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:7b,d9,17,91,4f,41,77,d0,f3,17,57,44,81,ae,7e,c5,36,cf,23,bf,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:da,1a,31,da,0a,77,bf,db,2a,e6,8c,40,14,f8,f7,e8,8a,91,de,8e,03,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\<a href="http://www.download.net.pl/297/uTorrent/">uTorrent</a>\\<a href="http://www.download.net.pl/297/uTorrent/">uTorrent</a>.exe"="C:\\Program Files\\<a href="http://www.download.net.pl/297/uTorrent/">uTorrent</a>\\<a href="http://www.download.net.pl/297/uTorrent/">uTorrent</a>.exe:*:Enabled:<a href="http://www.download.net.pl/297/uTorrent/">uTorrent</a>"
"C:\\Program Files\\Konnekt\\konnekt.exe"="C:\\Program Files\\Konnekt\\konnekt.exe:*:Enabled:Konnekt - Core"
"D:\\Martin\\Gry\\Soldir\\SoF2MP.exe"="D:\\Martin\\Gry\\Soldir\\SoF2MP.exe:*:Enabled:SoF2MP"
"D:\\Martin\\Programy\\p2p\\BearShare\\BearShare.exe"="D:\\Martin\\Programy\\p2p\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Martin\\Gry\\Tibia\\Boty\\Tibia Tek Bot\\TibiaTekBot.exe"="D:\\Martin\\Gry\\Tibia\\Boty\\Tibia Tek Bot\\TibiaTekBot.exe:*:Enabled:TibiaTek Bot"
"D:\\Martin\\Gry\\Little Fighter II\\lf2.exe"="D:\\Martin\\Gry\\Little Fighter II\\lf2.exe:*:Enabled:lf2"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"D:\\Martin\\Gry\\Diablo II\\Diablo II.exe"="D:\\Martin\\Gry\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II"
"D:\\Xawery\\gry\\Flat Out\\flatout.exe"="D:\\Xawery\\gry\\Flat Out\\flatout.exe:*:Enabled:flatout"
"D:\\Xawery\\gry\\James Bond 007 Nightfire\\Bond.exe"="D:\\Xawery\\gry\\James Bond 007 Nightfire\\Bond.exe:*:Enabled:Bond"
"D:\\Martin\\Gry\\Counter Strike\\hl.exe"="D:\\Martin\\Gry\\Counter Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Xawery\\gry\\Delta Force Xtrema\\dfx.exe"="D:\\Xawery\\gry\\Delta Force Xtrema\\dfx.exe:*:Enabled:dfx"
"D:\\Xawery\\gry\\Return to Castle Wolfenstein\\WolfMP.exe"="D:\\Xawery\\gry\\Return to Castle Wolfenstein\\WolfMP.exe:*:Enabled:WolfMP"
"C:\\Program Files\\Java\\jdk1.6.0_07\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_07\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\\Xawery\\gry\\Tzar\\Tzar.exe"="D:\\Xawery\\gry\\Tzar\\Tzar.exe:*:Enabled:Tzar"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Fri 28 Mar 2008	 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 18 Mar 2008		 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 12 May 2008		24,064 ...H. --- "C:\Documents and Settings\MAG\Moje dokumenty\~WRL0005.tmp"
Mon 12 May 2008		24,576 ...H. --- "C:\Documents and Settings\MAG\Moje dokumenty\~WRL2301.tmp"
Mon 12 May 2008		25,600 ...H. --- "C:\Documents and Settings\MAG\Moje dokumenty\~WRL3104.tmp"
Mon 12 May 2008		24,576 ...H. --- "C:\Documents and Settings\MAG\Moje dokumenty\~WRL3287.tmp"
Mon 12 May 2008		25,600 ...H. --- "C:\Documents and Settings\MAG\Moje dokumenty\~WRL3904.tmp"
Tue 18 Mar 2008			 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed  7 May 2008			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05030212059e1b9876d47b8cf2fa5e95\BITD2.tmp"

[b]Finished![/b]

W temacie: Logi - Podejrzenie infekcji

24 08 2008 - 16:11

Wielki dzięki za pomoc :unsure: .
Już usunąłem te rzeczy które wskazałeś i już zasysam SDFix i zaraz wrzucam raport.

  1. Forum Komputerowe Tweaks.pl
  2. Przeglądanie profilu: Posty: MAGx2
  3. Polityka prywatności
  4. Szukaj
  5. Regulamin Forum ·