
For some time now NOD32 has been throwing up a virus alert. I put it in quarantine and disconnected the connection. Today the same thing popped up, but this time Mozilla opened by itself and went to a page whose connection failed. As if that weren't enough, IE creates an icon on the desktop by itself. I'm attaching the ComboFix and HijackThis logs:
ComboFix 08-10-12.01 - Michał -Lordi- 2008-10-14 13:31:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.651 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Michał -Lordi-\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Michał -Lordi-\Ulubione\Download programs.url
C:\Documents and Settings\Michał -Lordi-\Ulubione\Games.url
C:\Documents and Settings\Michał -Lordi-\Ulubione\Translator.url
C:\Documents and Settings\Michał -Lordi-\Ulubione\Videos.url
C:\WINDOWS\system32\mt_32.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx
----- BITS: Możliwe zainfekowane strony -----
hxxp://lh6.ggpht.com
hxxp://lh3.ggpht.com
hxxp://lh4.ggpht.com
hxxp://lh5.ggpht.com
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-14 do 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-09 13:55 . 2008-10-09 13:55 <DIR> d--hs---- C:\found.004
2008-10-02 20:51 . 2008-10-02 20:51 <DIR> d-------- C:\Program Files\Valve
2008-10-01 18:28 . 2008-10-01 18:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-01 18:28 . 2008-10-01 18:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-27 21:19 . 2008-09-27 21:21 <DIR> d-------- C:\Program Files\PhotoScape
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 11:05 --------- d-----w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\foobar2000
2008-10-12 14:56 --------- d-----w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\Skype
2008-10-09 13:45 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-02 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 16:23 --------- d-----w C:\Program Files\Samurize
2008-09-28 18:03 --------- d-----w C:\Program Files\RocketDock
2008-09-19 19:47 --------- d-----w C:\Program Files\Counter-Strike
2008-09-12 16:53 --------- d-----w C:\Program Files\Sun
2008-09-12 16:52 --------- d-----w C:\Program Files\Java
2008-09-11 09:07 --------- d-----w C:\Documents and Settings\House\Dane aplikacji\Winamp
2008-08-31 14:59 --------- d-----w C:\Program Files\Common Files\Onet.pl
2008-08-31 13:55 --------- d-----w C:\Program Files\Skype
2008-08-31 11:10 --------- d-----w C:\Program Files\Onet
2008-08-31 11:10 --------- d-----w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\Kamerzysta
2008-08-31 11:10 --------- d-----w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\AutoUpdate
2008-08-28 19:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-08-18 19:39 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-08-18 19:39 --------- d-----w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\teamspeak2
2008-08-14 19:28 --------- d-----w C:\Program Files\Winamp
2008-08-14 19:26 --------- d-----w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\Winamp
2008-05-08 15:02 33,600 ----a-w C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-03-17 11:56 32,048 ----a-w C:\Documents and Settings\House\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-12-10 20:10 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-08 14:12 4,057 ----a-w C:\Program Files\Mozilla FirefoxPEX.PhoneExplorer.txt
2007-08-27 21:05 1,554 ----a-w C:\Program Files\KonnektPEX.PhoneExplorer.txt
2007-05-04 16:45 1,563 ----a-w C:\Program Files\SpoX Editor 2007PEX.PhoneExplorer.txt
2008-01-19 19:45 80 --sh--r C:\WINDOWS\system32\EDAEE81F29.dll
.
------- Sigcheck -------
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2001-10-26 19:29 562688 c30a1860fb4608a73023bb417acc93ba C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 01:44 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18 550400 215fcb47ec6b9a4f023278cf5b14d833 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\Super Turbo Tango Patcher\Backup\user32.dll
2005-03-02 20:18 550400 215fcb47ec6b9a4f023278cf5b14d833 C:\WINDOWS\system32\user32.dll
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2001-08-18 08:24 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-06-17 17:56 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\9f3c06013c349f7f3e9f976705c500f5\sp2gdr\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\9f3c06013c349f7f3e9f976705c500f5\sp2qfe\tcpip.sys
2007-06-17 17:56 359808 de891ad282e856acfd40990094a63b6f C:\WINDOWS\system32\dllcache\tcpip.sys
2007-06-17 17:56 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2001-10-26 20:03 1898112 0bf3b27c8df71e13d1759a7c820c21fc C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 01:38 2058112 44d1bc1b05e0c7c82e81687b79c653c7 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 20:08 2230144 c3d87ce5161e894980c66ba6cd884683 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntkrnlpa.exe
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2007-08-25 23:10 2230144 7a77d2169735d00323ea24859f78e89e C:\WINDOWS\system32\ntkrnlpa.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2001-10-26 18:51 1983616 7be0777d592cbb55712cead4598da88e C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 01:39 2182272 dcf53422b7edded3b7431fbae4a7ee3f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 20:09 2352640 a2ff45236dc319eeceaf2707b35ce879 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntoskrnl.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2007-08-25 23:10 2352640 79c6f38a8d7a74ffde7e1c361ca376b1 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 01:44 998912 84e92f81a03897acd3d3880f9b418c6f C:\WINDOWS\explorer.exe
2001-10-26 19:29 1002496 0b6cb4abb3166e1717bda7895f2029d8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 01:44 998912 84e92f81a03897acd3d3880f9b418c6f C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\Super Turbo Tango Patcher\Backup\explorer.exe
2001-10-26 19:30 113664 19da7b79649993cc2668dac80092ca44 C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2005-05-26 05:16 114968 ffdf3419ddcbf64e24d22f3172e8d59b C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2005-05-26 05:16 125208 ab6d4996ada75ef2f0393411cfe634f4 C:\WINDOWS\Super Turbo Tango Patcher\Backup\wuauclt.exe
2005-05-26 05:16 114968 ffdf3419ddcbf64e24d22f3172e8d59b C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 65536]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"Google Update"="C:\Documents and Settings\Michał -Lordi-\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-12 917504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-14 144792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-14 29744]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
C:\Documents and Settings\House\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-08-14 106496]
C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-08-14 106496]
Skrót do miranda32.exe.lnk - D:\Miranda IM\Miranda IM\miranda32.exe [2008-01-13 551508]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^honestech Video Patrol 4.0 Trial Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\honestech Video Patrol 4.0 Trial Scheduler.lnk
backup=C:\WINDOWS\pss\honestech Video Patrol 4.0 Trial Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk
backup=C:\WINDOWS\pss\Kalendarz XP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Super Turbo Tango Patcher Reloader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Super Turbo Tango Patcher Reloader.lnk
backup=C:\WINDOWS\pss\Super Turbo Tango Patcher Reloader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Michał -Lordi-^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Michał -Lordi-^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Michał -Lordi-^Menu Start^Programy^Autostart^Rainlendar.lnk]
path=C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\Rainlendar.lnk
backup=C:\WINDOWS\pss\Rainlendar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Michał -Lordi-^Menu Start^Programy^Autostart^Rapidown.lnk]
path=C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Michał -Lordi-^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Michał -Lordi-^Menu Start^Programy^Autostart^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Michał -Lordi-\Menu Start\Programy\Autostart\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--------- 2006-06-09 02:11 24576 C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\V0220Cvw.dll]
-ra------ 2006-05-23 19:00 245760 C:\WINDOWS\system32\V0220Cvw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--------- 2006-05-31 17:00 143360 C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 22:41 565248 C:\KonnektPlus\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt_6b95416a_Alex]
--a------ 2005-05-24 23:41 503808 C:\Program Files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-13 07:33 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2007-05-03 10:02 264704 C:\Program Files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
--a------ 2003-12-13 19:17 61440 C:\Program Files\LIVEUPDATE\LiveUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-11 17:46 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0220Mon.exe]
-ra------ 2006-06-28 19:01 32768 C:\WINDOWS\V0220Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Documents and Settings\\Michał -Lordi-\\Moje dokumenty\\utorrent.exe"=
"D:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Michał -Lordi-\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"=
"C:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"C:\\Program Files\\Counter-Strike\\hl.exe"=
"C:\\Program Files\\Counter-Strike\\hlds.exe"=
"D:\\Miranda IM\\Miranda IM\\miranda32.exe"=
"C:\\KonnektPlus\\konnekt.exe"=
"C:\\Program Files\\honestech Video Patrol 4.0\\scheduler.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 5504]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-12 147456]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 146112]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 6272]
S3 GoogleDesktopManager-022208-143751;Menedżer Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-14 29744]
S3 IrUSB;ArkMicro USB Infrared Miniport Adapter;C:\WINDOWS\system32\DRIVERS\IrUSB.sys [ ]
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [ ]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 23040]
.
Zawartość folderu 'Zaplanowane zadania'
2008-10-12 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\MichaB []
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe
MSConfigStartUp-AQQ - C:\PROGRA~1\WapSter\WapSter AQQ\AQQ.exe
MSConfigStartUp-Aqua Dock - C:\Program Files\Aqua Dock\Aqua Dock.exe
MSConfigStartUp-ClocX - C:\Program Files\ClocX\ClocX.exe
MSConfigStartUp-Flashget - C:\Program Files\FlashGet\FlashGet.exe
MSConfigStartUp-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
MSConfigStartUp-NextSTART - C:\Program Files\Winstep\nextstart.exe
MSConfigStartUp-TopDesk - C:\Program Files\TopDesk\topdesk.exe
MSConfigStartUp-TransBar - D:\TransBar\TransBar.exe
MSConfigStartUp-Workshelf - C:\Program Files\Winstep\workshelf.exe
MSConfigStartUp-Yodm3D - C:\Documents and Settings\Michał -Lordi-\Pulpit\yodm3D\Yodm3D.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Michał -Lordi-\Dane aplikacji\Mozilla\Firefox\Profiles\qv69k299.default\
FF -: plugin - C:\Documents and Settings\Michał -Lordi-\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 13:39:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\MichaC:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-14 13:46:15 - komputer został uruchomiony ponownie [Michał -Lordi-]
ComboFix-quarantined-files.txt 2008-10-14 11:46:07
Przed: 605,175,808 bajtów wolnych
Po: 781,053,952 bajtów wolnych
Logfile of HijackThis v1.99.1
Scan saved at 13:51:15, on 2008-10-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Documents and Settings\Michał -Lordi-\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Miranda IM\Miranda IM\miranda32.exe
D:\instalki\przydatne\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michał -Lordi-\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Skrót do miranda32.exe.lnk = D:\Miranda IM\Miranda IM\miranda32.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted IP range: 192.168.1.1
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4713F27-2CF9-4EED-9D61-44E5B9D2F610}: NameServer = 80.48.64.1,194.204.159.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Menedżer Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe