
How do I remove this thing
Logfile of HijackThis v1.99.1
Scan saved at 18:50:09, on 2007-06-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\windows\SOUNDMAN.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\retadpu2000352.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\??crosoft.NET\services.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SEWERY~1.KOR\USTAWI~1\Temp\Rar$EX00.641\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C10A4963-D5F7-AE07-DB0E-FEADDC9470E1} - C:\windows\system32\bgh.dll (file missing)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [runner1] C:\windows\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jtbeqf] C:\WINDOWS\??crosoft.NET\services.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Hito] "C:\PROGRA~1\COMMON~1\CROSOF~1\lsass.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_31.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winzdn32 - C:\windows\SYSTEM32\winzdn32.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {C10A4963-D5F7-AE07-DB0E-FEADDC9470E1} - C:\windows\system32\bgh.dll (file missing)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [runner1] C:\windows\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Jtbeqf] C:\WINDOWS\??crosoft.NET\services.exe
O20 - Winlogon Notify: winzdn32 - C:\windows\SYSTEM32\winzdn32.dll
Logfile of HijackThis v1.99.1
Scan saved at 09:01:11, on 2007-06-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\DOCUME~1\SEWERY~1.KOR\USTAWI~1\Temp\Rar$EX00.672\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_31.cab
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
ComboFix 07-06-09.5 - C:\Documents and Settings\-KCJT6CMI\Pulpit\ComboFix.exe
"Seweryn" - 2007-06-10 18:45:30 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))
2007-06-10 16:33 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-10 16:33 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-10 16:33 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-10 16:33 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-10 16:33 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-10 16:33 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-10 16:33 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-10 16:33 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-10 16:33 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-10 16:33 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-10 16:33 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-10 16:33 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-10 16:33 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-10 16:33 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-09 21:01 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 20:39 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-06-09 20:39 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-06-09 19:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-09 11:37 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Ahead
2007-06-09 11:34 <DIR> d-------- C:\Program Files\Nero
2007-06-09 10:58 <DIR> d-------- C:\Downloads
2007-06-08 21:21 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\BearShare
2007-06-08 21:20 <DIR> d-------- C:\Program Files\BearShare Applications
2007-06-08 11:09 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-06-08 11:09 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-06-08 11:09 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2007-06-08 11:09 <DIR> d-------- C:\Program Files\SAGEM
2007-06-08 11:08 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\InstallShield
2007-06-08 11:07 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-06-08 10:05 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Microsoft Web Folders
2007-06-03 15:27 786,432 --ah----- C:\DOCUME~1\GOEBFF~1\ntuser.dat
2007-06-03 15:27 <DIR> dr-h----- C:\DOCUME~1\GOEBFF~1\Dane aplikacji
2007-06-03 15:27 <DIR> dr------- C:\DOCUME~1\GOEBFF~1\Ulubione
2007-06-03 15:27 <DIR> dr------- C:\DOCUME~1\GOEBFF~1\Moje dokumenty
2007-06-03 15:27 <DIR> dr------- C:\DOCUME~1\GOEBFF~1\Menu Start
2007-06-03 15:27 <DIR> d--h----- C:\DOCUME~1\GOEBFF~1\Ustawienia lokalne
2007-06-03 15:27 <DIR> d--h----- C:\DOCUME~1\GOEBFF~1\Szablony
2007-06-03 15:27 <DIR> d-------- C:\DOCUME~1\GOEBFF~1\Pulpit
2007-06-02 21:26 <DIR> d-------- C:\Program Files\GIF Movie Gear
2007-06-02 16:55 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2007-06-02 16:55 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-05-24 13:46 4,456,448 --a------ C:\DOCUME~1\SEWERY~1.KOR\ntuser.dat
2007-05-24 13:46 233,472 --a------ C:\DOCUME~1\LOCALS~1.ZAR\ntuser.dat
2007-05-20 21:06 4 --a------ C:\WINDOWS\system32\proc1395793746.bin
2007-05-20 21:06 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\GanymedeNet
2007-05-20 15:43 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Gadu-Gadu
2007-05-20 14:24 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-20 14:24 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-20 14:24 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-17 16:20 <DIR> d-------- C:\Program Files\WapSter
2007-05-17 16:20 <DIR> d-------- C:\DOCUME~1\SEWERY~1.KOR\WapSter
2007-05-11 15:48 <DIR> dr------- C:\DOCUME~1\LOCALS~1.ZAR\Moje dokumenty
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-10 15:10:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-10 15:10:29 -------- d-----w C:\Program Files\Codemasters
2007-06-09 09:38:30 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-08 09:24:48 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-03 09:24:51 -------- d-----w C:\Program Files\Google
2007-06-02 20:04:56 1,156 ----a-w C:\windows\mozver.dat
2007-05-20 19:50:23 -------- d-----w C:\Program Files\Winamp
2007-05-11 16:54:14 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Real
2007-05-05 10:07:38 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Apple Computer
2007-05-05 10:06:23 -------- d-----w C:\Program Files\Apple Software Update
2007-05-04 20:53:11 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Media Player Classic
2007-05-04 20:51:31 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-01 07:24:03 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\CursorArts
2007-04-27 20:11:23 67,194 ----a-w C:\windows\system32\perfc015.dat
2007-04-27 20:11:23 436,312 ----a-w C:\windows\system32\perfh015.dat
2007-04-27 13:40:01 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Google
2007-04-25 19:37:00 -------- d-----w C:\Program Files\Movie Maker
2007-04-25 19:37:00 -------- d-----w C:\Program Files\Messenger
2007-04-25 10:06:22 -------- d-----w C:\Program Files\Windows NT
2007-04-23 17:06:18 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-22 09:46:59 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\Help
2007-04-18 16:14:32 2,854,400 ----a-w C:\windows\system32\msi.dll
2007-04-17 15:59:45 0 ----a-w C:\windows\nsreg.dat
2007-04-15 19:15:21 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-15 19:13:57 -------- d-----w C:\Program Files\Hewlett-Packard
2007-04-15 19:12:55 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\CyberLink
2007-04-15 19:12:03 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\InterTrust
2007-04-15 19:12:01 -------- d-----w C:\Program Files\SubEdit-Player
2007-04-15 19:11:51 -------- d-----w C:\Program Files\AvRack
2007-04-15 19:03:30 -------- d-----w C:\Program Files\HP
2007-04-14 19:56:22 112,960 ----a-w C:\windows\hpoins07.dat
2007-04-14 12:10:40 71,807 ----a-w C:\windows\hpqins09.dat
2007-04-13 13:03:52 71,312 ----a-w C:\windows\hpqins01.dat
2007-04-12 15:12:19 60,416 ----a-w C:\windows\ALCFDRTM.EXE
2007-04-10 19:00:02 -------- d-----w C:\Program Files\Common Files\HP
2007-04-10 18:52:38 -------- d-----w C:\DOCUME~1\SEWERY~1.KOR\DANEAP~1\HP
2007-04-10 08:31:57 21,856 ----a-w C:\windows\system32\emptyregdb.dat
2007-03-17 13:45:36 293,376 ----a-w C:\windows\system32\winsrv.dll
2007-03-16 05:27:14 40,960 ----a-w C:\windows\system32\frapsvid.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 18:39]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 12:48 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 09:44]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-06-10 12:37:00 C:\windows\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 18:47:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
cmd.exe [1844]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-10 18:48:16
--- E O F ---