
Request to check a log

Post by soberpl, 16 Jan 2008, 16:46

I have a problem with Java. The problem is rather odd and maybe nothing will show up in the log, but I have run out of ideas what to do about it. On sites with Java games etc. everything seems to work (I have the latest version, update 3), but in the Joomla! administration panel, when I choose the HTML option in the text editor, a new window opens, but it is blank, with no way to type anything (in both FF and Opera).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:29, on 2008-01-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Softick\PPP\Bin\PPPGate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (file missing)

--
End of file - 5862 bytes



Post by Dzi@dek, 16 Jan 2008, 17:28

If you no longer have the Winamp toolbar, remove these in HijackThis:

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)


and this entry:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Open Notepad and paste:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000


File > Save as type: All files, name it FIX.REG
Run the file in Safe Mode and restart.


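A small triage script for this kind of log, added here as an example (it is not part of the thread and not HijackThis's own code): it parses HijackThis entry lines, flags the two things the reply above acts on, registrations whose file is "(file missing)" and O7 policy restrictions such as DisableRegedit=1, and generates a FIX.REG in the same form as the one above. The sample log is constructed to mirror the shape of the logs in this thread.

```python
"""Triage a HijackThis 2.x log: flag orphaned entries and policy restrictions,
and emit a .reg file that lifts the restrictions (added example, not from the thread)."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# O7 body shape: "HKCU\Software\...\Policies\System, DisableRegedit=1"
O7_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+), (?P<name>\w+)=(?P<value>\S+)$")
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS"}
# Policy values malware commonly sets to lock the user out of built-in tools.
RESTRICTIVE_POLICIES = {"DisableRegedit", "DisableTaskMgr", "DisableCMD", "NoRun"}

# Constructed sample in HijackThis 2.0.2 format (same shape as the log above, not the original file).
SAMPLE_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.2",
    "Scan saved at 15:39:29, on 2008-01-16",
    "",
    "Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    "",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)",
    r"O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r"O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (file missing)",
])


@dataclass
class Finding:
    kind: str       # HijackThis section prefix, e.g. "O2", "O7"
    action: str     # "remove" (orphaned registration) or "investigate" (policy restriction)
    reason: str
    raw: str
    key: str = ""   # registry key, only for O7 findings
    name: str = ""  # policy value name, only for O7 findings


def parse_entries(text):
    """Yield (kind, body, raw_line) for each entry line; headers and the process list are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body"), line.strip()


def triage(text):
    """Return the entries a log reviewer would act on, in log order."""
    findings = []
    for kind, body, raw in parse_entries(text):
        if body.endswith("(file missing)"):
            # The registration survives but its DLL/EXE is gone: nothing loads, safe to fix in HijackThis.
            findings.append(Finding(kind, "remove", "orphaned registration, referenced file is missing", raw))
        elif kind == "O7":
            m = O7_RE.match(body)
            if m and m.group("name") in RESTRICTIVE_POLICIES and m.group("value") != "0":
                findings.append(Finding(kind, "investigate",
                                        f"{m.group('name')}={m.group('value')} locks the user out of a built-in tool",
                                        raw, key=m.group("key"), name=m.group("name")))
    return findings


def reg_fix(findings):
    """Build a .reg file (same form as the FIX.REG in the thread) that resets each flagged policy to 0."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        if f.kind != "O7":
            continue
        hive, subkey = f.key.split("\\", 1)  # "HKCU\Software\..." -> ("HKCU", "Software\...")
        lines += [f"[{HIVES.get(hive, hive)}\\{subkey}]", f'"{f.name}"=dword:00000000', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.action:11} {f.raw}\n            -> {f.reason}")
    print(reg_fix(found))
```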

Post by soberpl, 16 Jan 2008, 18:09

OK, I did as you wrote.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:09, on 2008-01-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (file missing)

--
End of file - 5450 bytes


Clean?



Post by Dzi@dek, 16 Jan 2008, 20:19

It's clean here.
Post a ComboFix log as well.



Post by soberpl, 16 Jan 2008, 20:37

ComboFix 08-01-16.4 - Darek 2008-01-16 19:29:59.1 - NTFSx86
Running from: D:\Download\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\RTELM.dll

.
(((((((((((((((((((((((((   Files Created from 2007-12-16 to 2008-01-16  )))))))))))))))))))))))))))))))
.

2008-01-16 19:28 . 2000-08-31 08:00   51,200   --a--c---   C:\WINDOWS\NirCmd.exe
2008-01-16 16:58 . 2007-02-17 14:30   <DIR>   d--h-c---   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-01-16 16:58 . 2007-02-17 14:30   <DIR>   d----c---   C:\Documents and Settings\Administrator\Ulubione
2008-01-16 16:58 . 2007-02-17 13:39   <DIR>   d--h-c---   C:\Documents and Settings\Administrator\Szablony
2008-01-16 16:58 . 2008-01-16 17:06   <DIR>   d----c---   C:\Documents and Settings\Administrator\Pulpit
2008-01-16 16:58 . 2007-02-17 14:30   <DIR>   d----c---   C:\Documents and Settings\Administrator\Moje dokumenty
2008-01-16 16:58 . 2007-02-17 14:30   <DIR>   dr---c---   C:\Documents and Settings\Administrator\Menu Start
2008-01-16 16:58 . 2007-02-17 14:30   <DIR>   dr-h-c---   C:\Documents and Settings\Administrator\Dane aplikacji
2008-01-12 15:50 . 2008-01-12 15:55   <DIR>   d----c---   C:\Program Files\Webzen
2008-01-10 23:38 . 2008-01-16 17:11   54,156   --ah-c---   C:\WINDOWS\QTFont.qfn
2008-01-10 23:38 . 2008-01-10 23:38   1,409   --a--c---   C:\WINDOWS\QTFont.for
2008-01-10 23:37 . 2008-01-10 23:37   <DIR>   d----c---   C:\Program Files\iTunes
2008-01-10 23:37 . 2008-01-10 23:37   <DIR>   d----c---   C:\Program Files\iPod
2008-01-05 13:30 . 2008-01-05 13:30   <DIR>   d----c---   C:\Documents and Settings\Tata\Dane aplikacji\Skype
2008-01-05 13:13 . 2008-01-05 13:13   <DIR>   d----c---   C:\Program Files\Free WMA to MP3 Converter
2008-01-04 22:25 . 2008-01-04 22:25   <DIR>   d----c---   C:\Program Files\Opera
2007-12-27 02:10 . 2007-12-28 01:11   82   --a--c---   C:\WINDOWS\VplayerINI.vpl
2007-12-26 23:23 . 2007-12-26 23:23   <DIR>   d----c---   C:\Program Files\Vplayer
2007-12-26 23:23 . 2007-12-28 01:11   2,546   --a--c---   C:\WINDOWS\VPlayer.INI
2007-12-26 23:13 . 2008-01-11 23:34   <DIR>   d----c---   C:\Program Files\NAPI-PROJEKT
2007-12-25 15:41 . 2007-12-25 19:30   <DIR>   d----c---   C:\Documents and Settings\Darek\Dane aplikacji\Audacity
2007-12-24 20:01 . 1997-06-13 15:56   56,832   -----c---   C:\WINDOWS\system32\iyvu9_32.dll
2007-12-24 19:53 . 2007-12-24 19:53   <DIR>   d----c---   C:\Program Files\VID_0E8F&PID_0003
2007-12-23 22:53 . 2008-01-04 22:58   <DIR>   d----c---   C:\Program Files\Cell Phone Manager
2007-12-23 21:24 . 2007-12-23 21:24   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\RTE
2007-12-23 21:10 . 2005-07-25 10:04   48,640   -----c---   C:\WINDOWS\system32\drivers\ser2pl.sys
2007-12-23 00:17 . 2007-12-23 00:17   <DIR>   d----c---   C:\Program Files\Softick
2007-12-22 15:39 . 2007-12-22 15:39   <DIR>   d----c---   C:\Program Files\Intel Desktop Board
2007-12-22 15:21 . 2004-09-17 07:05   84,512   -ra--c---   C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-12-22 15:21 . 2004-09-17 07:05   6,080   -ra--c---   C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-12-22 15:21 . 2004-09-17 07:05   6,080   -ra--c---   C:\WINDOWS\system32\drivers\ss_cm.sys
2007-12-22 15:21 . 2004-09-17 07:05   6,064   -ra--c---   C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-12-22 15:20 . 2004-09-17 07:04   52,384   -ra--c---   C:\WINDOWS\system32\drivers\ss_bus.sys
2007-12-22 15:20 . 2004-09-17 07:04   5,744   -ra--c---   C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-12-22 15:20 . 2004-09-17 07:04   5,744   -ra--c---   C:\WINDOWS\system32\drivers\ss_wh.sys
2007-12-22 15:11 . 2007-12-22 22:45   <DIR>   d----c---   C:\Program Files\SAMSUNG
2007-12-21 23:22 . 2007-12-21 23:22   <DIR>   d----c---   C:\Documents and Settings\Darek\Dane aplikacji\InstallShield
2007-12-20 23:00 . 2008-01-15 13:42   2,298   --a--c---   C:\WINDOWS\TSCTNDBG.INI
2007-12-19 23:10 . 2007-12-19 23:10   4,256   --a--c---   C:\WINDOWS\system32\drivers\UserPort.sys
2007-12-19 22:08 . 2007-12-19 22:08   <DIR>   d----c---   C:\Program Files\SmartCom
2007-12-19 22:08 . 2007-12-19 22:08   <DIR>   d----c---   C:\Program Files\Common Files\SmartCom
2007-12-19 22:08 . 2007-12-23 21:24   <DIR>   d----c---   C:\Documents and Settings\Darek\Dane aplikacji\RTE
2007-12-19 22:08 . 2005-06-09 23:18   123,392   --a--c---   C:\WINDOWS\system32\dzip32.dll
2007-12-19 22:02 . 2007-12-19 22:02   33,920   --a--c---   C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-19 22:01 . 2007-12-19 22:01   <DIR>   d----c---   C:\Program Files\SagMaster Team

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 15:17   ---------   dc----w   C:\Documents and Settings\Darek\Dane aplikacji\OpenOffice.org2
2008-01-16 14:42   ---------   dc----w   C:\Documents and Settings\Darek\Dane aplikacji\Tlen.pl
2008-01-14 17:15   ---------   dc----w   C:\Program Files\FlashGet
2008-01-12 15:31   ---------   dc----w   C:\Program Files\hp deskjet 3320 series
2008-01-12 15:31   ---------   dc----w   C:\Program Files\Hewlett-Packard
2008-01-12 14:50   ---------   dc-h--w   C:\Program Files\InstallShield Installation Information
2008-01-10 22:37   ---------   dc----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-24 18:49   ---------   dc----w   C:\Documents and Settings\Karolina\Dane aplikacji\OpenOffice.org2
2007-12-23 20:49   ---------   dc----w   C:\Documents and Settings\Darek\Dane aplikacji\MyPhoneExplorer
2007-12-22 12:40   ---------   dc----w   C:\Documents and Settings\Darek\Dane aplikacji\Skype
2007-12-19 22:13   ---------   dc----w   C:\Program Files\Winamp
2007-12-10 18:14   ---------   dc----w   C:\Documents and Settings\Karolina\Dane aplikacji\AdobeUM
2007-12-07 19:39   ---------   dc----w   C:\Documents and Settings\Karolina\Dane aplikacji\Media Player Classic
2007-12-07 19:39   ---------   dc----w   C:\Documents and Settings\Karolina\Dane aplikacji\DivX
2007-12-04 00:05   ---------   dc----w   C:\Program Files\Tlen.pl
2007-12-02 15:11   ---------   dc----w   C:\Program Files\Common Files\NSV
2007-12-02 10:55   ---------   dc----w   C:\Program Files\OpenOffice.org 2.3
2007-11-29 13:02   ---------   dc----w   C:\Program Files\MemoriesOnTV3
2007-11-22 22:06   ---------   dc----w   C:\Documents and Settings\Darek\Dane aplikacji\Apple Computer
2007-11-22 22:02   ---------   dc----w   C:\Program Files\Common Files\Apple
2007-11-18 16:31   ---------   dc----w   C:\Documents and Settings\Karolina\Dane aplikacji\Gadu-Gadu
2007-11-16 13:13   ---------   dc----w   C:\Program Files\Gadu-Gadu
2007-02-17 13:38   5   -csha-w   C:\WINDOWS\system32\cdfacc7_s.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-10-05 14:20 6226432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 14:35 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SoftickPPP"="C:\Program Files\Softick\PPP\Bin\PPPGate.exe" [2004-10-20 23:05 160256]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GN-WPKG Utility.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GN-WPKG Utility.lnk
backup=C:\WINDOWS\pss\GN-WPKG Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Remote Controller.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TV Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TV Scheduler.lnk
backup=C:\WINDOWS\pss\TV Scheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darek^Menu Start^Programy^Autostart^WlanUtility.lnk]
path=C:\Documents and Settings\Darek\Menu Start\Programy\Autostart\WlanUtility.lnk
backup=C:\WINDOWS\pss\WlanUtility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a--c--- 2001-05-10 17:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a--c--- 2001-08-17 17:01 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a--c--- 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a--c--- 2007-01-17 14:55 1548288 C:\PROGRA~1\FlashGet\Flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a--c--- 2007-10-05 14:20 6226432 C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a--c--- 2001-08-03 17:56 159800 C:\WINDOWS\PowerS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra--c--- 2007-09-13 13:37 22983464 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.exe

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-19 22:02]
R1 UserPort;UserPort;C:\WINDOWS\system32\drivers\UserPort.sys [2007-12-19 23:10]
R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.SYS [2003-01-16 17:14]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2003-01-16 17:14]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2003-01-16 17:14]
S3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys []
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-11-14 10:38]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 07:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 07:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 07:05]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;C:\WINDOWS\system32\DRIVERS\stusb2ir.sys [2004-05-28 06:22]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 04:32]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 21:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 19:34:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 19:36:18
ComboFix-quarantined-files.txt  2008-01-16 18:36:14
.
2008-01-10 15:04:42   --- E O F --- 



Post by Dzi@dek, 16 Jan 2008, 20:48




Post by soberpl, 16 Jan 2008, 22:20

Thanks a lot :)