.
C:\autorun.inf
C:\copy.exe
C:\host.exe
c:\windows\autorun.inf
c:\windows\svchost.exe
c:\windows\system32\temp1.exe
c:\windows\system32\temp2.exe
c:\windows\xcopy.exe
D:\Autorun.inf
D:\copy.exe
D:\host.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-04 do 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-03 19:52 . 2009-05-03 21:01 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\Hamachi
2009-05-03 19:52 . 2009-05-03 19:52 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-03 18:14 . 2009-05-03 19:59 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-03 18:14 . 2009-05-03 19:59 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-03 18:14 . 2009-05-03 19:59 12067 ----atw c:\windows\system32\SIntf16.dll
2009-05-01 17:32 . 2009-05-01 17:32 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-05-01 17:15 . 2009-05-01 17:15 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-05-01 17:15 . 2009-05-01 17:15 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Propellerhead Software
2009-05-01 17:15 . 2009-05-01 17:15 225280 ----a-w c:\windows\system32\ReWire.dll
2009-05-01 17:15 . 2009-05-01 17:16 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\Propellerhead Software
2009-05-01 10:15 . 2009-05-01 10:19 -------- d-----w c:\program files\America's Army Deploy Client
2009-04-30 19:49 . 2009-05-01 10:15 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\America's Army Deploy Client
2009-04-17 14:01 . 2009-04-17 14:01 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\Styler
2009-04-17 13:59 . 2009-04-17 14:01 -------- d-----w c:\program files\Styler
2009-04-17 13:29 . 2009-04-17 13:29 -------- d-----w c:\documents and settings\NdL\Ustawienia lokalne\Dane aplikacji\Cooliris
2009-04-11 20:40 . 2009-04-11 20:40 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-07 13:56 . 2009-04-07 13:56 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software
2009-04-04 11:27 . 2009-04-04 11:27 -------- d-----w c:\documents and settings\NdL\Dane aplikacji\id Software
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 10:43 . 2008-04-21 08:35 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 09:22 . 2008-04-21 09:46 189392 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-04 09:21 . 2008-04-21 09:46 138016 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-03 18:39 . 2008-04-21 08:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 13:54 . 2004-08-03 22:44 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-07 14:02 . 2008-04-21 09:45 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-07 13:56 . 2009-02-10 16:08 22328 ----a-w c:\documents and settings\NdL\Dane aplikacji\PnkBstrK.sys
2009-04-07 13:56 . 2009-03-09 06:45 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-03-19 14:08 . 2009-03-19 14:08 -------- d-----w c:\program files\Kwyshell
2009-03-19 14:04 . 2009-03-19 14:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-19 14:04 . 2009-03-19 14:04 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\Common Files\Nokia
2009-03-19 14:03 . 2009-03-19 14:02 -------- d-----w c:\program files\Nokia
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\DIFX
2009-03-19 14:03 . 2009-03-19 14:03 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-16 10:11 . 2009-03-16 10:11 -------- d-----w c:\program files\Orban
2009-03-14 07:16 . 2009-03-14 07:16 -------- d-----w c:\program files\ipla
2009-03-11 20:08 . 2008-05-31 11:09 -------- d-----w c:\program files\XAC
2009-03-06 05:56 . 2009-03-05 22:19 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-05 22:20 . 2009-03-05 22:19 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-05 22:19 . 2009-03-05 21:43 -------- d-----w c:\program files\WinAce
2009-03-05 22:17 . 2009-03-05 22:17 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-05 21:49 . 2009-03-05 21:49 -------- d-----w c:\program files\7-Zip
2009-02-09 22:30 . 2009-02-09 22:30 249592 ----a-w c:\windows\system32\cssdll32.dll
2009-02-09 13:47 . 2009-02-13 23:33 227 ----a-w c:\windows\system.tmp
2009-02-07 09:14 . 2009-02-07 09:14 56 ---ha-w c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-02 1657376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\NdL\Menu Start\Programy\Autostart\
Styler.lnk - c:\documents and settings\NdL\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-4-17 15086]
[TBox] 8 iPod Games.torrent [2009-2-14 31783]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-21 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Gry\\Fm09\\play\\fm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-03 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\NdL\Dane aplikacji\Mozilla\Firefox\Profiles\53a6irib.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: c:\documents and settings\NdL\Dane aplikacji\Mozilla\Firefox\Profiles\53a6irib.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 12:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-861567501-448539723-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:38,93,a9,af,e9,ae,4a,c9,a2,e6,e0,6d,42,96,80,0f,ab,3b,e8,91,34,
4a,82,14,29,33,cc,e1,4c,7e,0f,c2,87,cc,84,3c,bf,af,9f,70,e6,e7,88,90,fb,19,\
"rkeysecu"=hex:b8,e6,fd,c6,73,c0,8a,0d,12,c9,00,3b,17,48,16,78
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-05-04 12:45
ComboFix-quarantined-files.txt 2009-05-04 10:45
ComboFix2.txt 2009-02-09 13:49
Przed: 1 483 968 512 bajtów wolnych
Po: 2 165 694 464 bajtów wolnych