Strange processes in device manager

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Strange processes in device manager

Post by Batonn, 02 Nov 2008, 14:30

My friend's computer is dying.... it is slowing down, and in the device manager I noticed some strange processes. Please check the log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:55, on 2008-10-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Bayo\Pulpit\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: {07a18cf6-e618-d458-ed14-cc938b465920} - {029564b8-39cc-41de-854d-816e6fc81a70} - C:\WINDOWS\system32\nquhgb.dll
O2 - BHO: (no name) - {22E77BAE-2C7B-48ED-8DA8-0B7A4F8333D2} - C:\WINDOWS\system32\qoMeEXnn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {EEBCEA7B-BA5B-435E-883F-D142A2F1B51A} - C:\WINDOWS\system32\hgGxUnNe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [dptracker] C:\Program Files\DigitalPeers\CamTrack\dptracker.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C29AAB5-8D9B-43D0-BCAC-F1A38EAEC057}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nquhgb.dll
O20 - Winlogon Notify: hgGxUnNe - C:\WINDOWS\SYSTEM32\hgGxUnNe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - H:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


--
End of file - 12264 bytes
Batonn

Posts: 623
Joined: 22 Jan 2006, 17:05
Location: Kraków
Commendations: 54



Strange processes in device manager

Post by Magik, 02 Nov 2008, 14:46

The ComboFix log is missing........


To fix:

Code:
O2 - BHO: {07a18cf6-e618-d458-ed14-cc938b465920} - {029564b8-39cc-41de-854d-816e6fc81a70} - C:\WINDOWS\system32\nquhgb.dll
O2 - BHO: (no name) - {22E77BAE-2C7B-48ED-8DA8-0B7A4F8333D2} - C:\WINDOWS\system32\qoMeEXnn.dll (file missing)
O2 - BHO: (no name) - {EEBCEA7B-BA5B-435E-883F-D142A2F1B51A} - C:\WINDOWS\system32\hgGxUnNe.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O20 - AppInit_DLLs: nquhgb.dll
O20 - Winlogon Notify: hgGxUnNe - C:\WINDOWS\SYSTEM32\hgGxUnNe.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
Magik

Posts: 7956
Joined: 08 May 2004, 09:17
Location: Głogów
Commendations: 886
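
Editor's note on the fix list above. Every HijackThis entry Magik selected is either a code-loading hook (O20 AppInit_DLLs, which gets a DLL loaded into every process that links user32.dll, and O20 Winlogon Notify, which loads a DLL into winlogon.exe) or a browser extension point (O2 BHO, O3 toolbar) whose registration has no readable name, a GUID where the name should be, or no file behind it. The DLLs involved, nquhgb.dll, hgGxUnNe.dll and qoMeEXnn.dll, all sit in system32 under machine-generated names, the classic pattern of the Vundo family that the VundoFix tool the poster already ran is built for. The script below is an added example, not part of the thread and not HijackThis code: it encodes those rules of thumb and runs them over a handful of lines copied from the log (mixed with clean Google, Java, Winamp, NVIDIA and Symantec entries so the rules have something to leave alone). The one fix-list entry it deliberately does not decide is the O23 appdrvrem01 service; in the ComboFix log posted next that service is listed with an empty `[ ]` where ComboFix prints the file date and size for the other services, and whether to remove such a leftover is a judgment call rather than a pattern rule. The `looks_random` thresholds are the editor's own choices, not anything from the page.

```python
"""HijackThis log triage: flag entries that belong on a fix list.

Added example (not from the forum post and not part of HijackThis).
Heuristics, in order of weight:
  * O20 AppInit_DLLs / Winlogon Notify: code injected into every user
    process or into winlogon.exe; on a home XP box almost never legitimate.
  * O2 BHO / O3 toolbar registered with no name, a GUID as its name,
    or pointing at a file that no longer exists.
  * A DLL in system32 whose base name looks machine-generated
    (many upper/lower case switches, or almost no vowels).
"""
import re
from typing import List, Tuple

# Lines copied from the HijackThis log posted above, plus clean entries from
# the same log as negative cases. This subset is constructed for the example.
SAMPLE_LOG = r"""
O2 - BHO: {07a18cf6-e618-d458-ed14-cc938b465920} - {029564b8-39cc-41de-854d-816e6fc81a70} - C:\WINDOWS\system32\nquhgb.dll
O2 - BHO: (no name) - {22E77BAE-2C7B-48ED-8DA8-0B7A4F8333D2} - C:\WINDOWS\system32\qoMeEXnn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {EEBCEA7B-BA5B-435E-883F-D142A2F1B51A} - C:\WINDOWS\system32\hgGxUnNe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: nquhgb.dll
O20 - Winlogon Notify: hgGxUnNe - C:\WINDOWS\SYSTEM32\hgGxUnNe.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

LINE_RE = re.compile(r"^(O\d{1,2}|R\d) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.I)


def looks_random(stem: str) -> bool:
    """Crude check for dropper-style names such as hgGxUnNe or nquhgb.

    Only 6-8 letter, all-alphabetic stems are considered; the thresholds
    (3 case switches, under 20% vowels) are the editor's assumption."""
    if not stem.isalpha() or not 6 <= len(stem) <= 8:
        return False
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    vowels = sum(c in "aeiouy" for c in stem.lower())
    return switches >= 3 or vowels / len(stem) < 0.2


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) to put one HJT line on the fix list."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    code, body = m.groups()
    reasons: List[str] = []
    if code == "O20":
        reasons.append("O20: DLL loaded via AppInit_DLLs or Winlogon Notify")
    if code in ("O2", "O3"):
        # body looks like "BHO: <name> - {CLSID} - <path>"
        _kind, _sep, rest = body.partition(": ")
        fields = [f.strip() for f in rest.split(" - ")]
        name, target = fields[0], fields[-1]
        if name == "(no name)" or GUID_RE.match(name):
            reasons.append("no readable name (registered by CLSID only)")
        if "(file missing)" in target or target == "(no file)":
            reasons.append("registration points at a file that no longer exists")
    if code in ("O2", "O20"):
        dlls = DLL_RE.findall(body)
        if dlls and looks_random(dlls[-1]):
            reasons.append(f"machine-generated DLL name: {dlls[-1]}.dll")
    return reasons


def fix_list(log_text: str) -> List[Tuple[str, List[str]]]:
    """Every flagged line of a HijackThis log with its reasons."""
    out = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            out.append((raw.strip(), reasons))
    return out


if __name__ == "__main__":
    for entry, why in fix_list(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

On the sample, the six flagged lines are exactly the O2, O3 and O20 entries of Magik's list; the Google, Java, Winamp, NVIDIA and Symantec lines produce no reasons. Rules like these are a first pass only: a legitimate AppInit_DLLs entry does exist on some corporate builds, so the output is a list to review, not to apply blindly.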



Re: strange processes in device manager

Post by Batonn, 02 Nov 2008, 14:51

ComboFix log:
Code:
ComboFix 08-11-01.05 - Bayo 2008-11-02 13:38:58.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.884 [GMT 1:00]
Running from: C:\Documents and Settings\Bayo\Pulpit\ComboFix.exe
* A new restore point was created

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\_000110_.tmp.dll
C:\WINDOWS\system32\bbyhkutd.dll
C:\WINDOWS\system32\byXQHxxU.dll
C:\WINDOWS\system32\ccrhigba.dll
C:\WINDOWS\system32\hgGxUnNe.dll
C:\WINDOWS\system32\ieupdates.exe.tmp
C:\WINDOWS\system32\jmegdtma.ini
C:\WINDOWS\system32\jqubbnmw.ini
C:\WINDOWS\system32\nnXEeMoq.ini
C:\WINDOWS\system32\nnXEeMoq.ini2
C:\WINDOWS\system32\nquhgb.dll
C:\WINDOWS\system32\srsgfu.dll
C:\WINDOWS\ws386.ini

----- BITS: Possibly infected sites -----

hxxp://simon.elementfx.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR


(((((((((((((((((((((((((   Files created from 2008-10-02 to 2008-11-02  )))))))))))))))))))))))))))))))
.

2008-10-27 13:26 . 2008-10-27 13:26   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-27 13:25 . 2008-10-27 13:25   <DIR>   d--------   C:\VundoFix Backups
2008-10-27 13:12 . 2008-10-27 13:12   <DIR>   d--------   C:\Program Files\Lavasoft
2008-10-27 13:12 . 2008-10-27 13:18   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-10-27 13:09 . 2008-10-27 13:09   <DIR>   d--h-c---   C:\Documents and Settings\All Users\Dane aplikacji\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-27 13:05 . 2008-10-27 13:05   <DIR>   d--------   C:\!FixIEDef
2008-10-26 22:00 . 2008-10-26 22:00   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-10-26 21:58 . 2008-10-26 21:58   <DIR>   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2008-10-26 18:35 . 2008-10-26 18:35   891   --a------   C:\WINDOWS\VPlayer.INI
2008-10-26 18:35 . 2008-10-26 18:35   69   --a------   C:\WINDOWS\VplayerINI.vpl
2008-10-26 18:34 . 2008-10-26 18:34   <DIR>   d--------   C:\Program Files\Vplayer
2008-10-26 18:28 . 2008-10-26 18:29   <DIR>   d--------   C:\Documents and Settings\Bayo\Dane aplikacji\BESTplayer
2008-10-26 18:25 . 2008-10-26 18:25   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-10-26 18:25 . 2008-10-26 18:25   1,409   --a------   C:\WINDOWS\QTFont.for
2008-10-26 16:25 . 2008-10-26 16:25   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Fallout3
2008-10-26 16:23 . 2008-10-26 16:23   <DIR>   d--------   C:\Program Files\MSBuild
2008-10-26 16:20 . 2008-10-26 16:20   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-10-26 16:19 . 2008-10-26 16:19   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-10-26 16:18 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-10-26 16:17 . 2008-10-26 16:17   <DIR>   d--------   C:\WINDOWS\system32\xlive
2008-10-26 16:08 . 2008-10-28 17:55   5,930,090,496   --a------   C:\rld-fou3.iso
2008-10-26 15:15 . 2008-10-26 15:25   <DIR>   d--------   C:\Program Files\SlySoft
2008-10-26 15:15 . 2008-10-26 15:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SlySoft
2008-10-24 12:16 . 2007-10-31 19:24   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-10-24 12:16 . 2007-10-31 19:24   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-10-24 12:16 . 2007-10-31 18:31   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-10-24 12:16 . 2007-10-31 19:24   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-10-24 12:16 . 2007-10-31 19:24   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-10-24 12:16 . 2007-10-31 19:24   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-10-24 12:16 . 2007-10-31 19:24   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-10-24 12:16 . 2008-10-24 12:16   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-10-05 13:02 . 2008-10-05 13:33   766   --a------   C:\WINDOWS\CoD.INI
2008-10-04 13:22 . 2008-09-16 17:09   30,080   --a------   C:\WINDOWS\system32\drivers\RKHit.sys
2008-10-04 13:22 . 2008-10-04 13:22   42   --a------   C:\WINDOWS\system32\AK083E209605E394C.lie

.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 12:43   ---------   d-----w   C:\Program Files\Symantec AntiVirus
2008-11-02 12:37   ---------   d-----w   C:\Program Files\neostrada tp
2008-10-27 12:11   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 20:58   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-10-26 16:16   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-26 15:25   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-10-26 14:47   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\Azureus
2008-10-26 13:14   ---------   d-----w   C:\Program Files\Java
2008-10-17 16:58   ---------   d-----w   C:\Program Files\WildGames
2008-10-15 21:56   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\Skype
2008-10-15 21:09   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\skypePM
2008-10-04 08:52   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\AdobeUM
2008-09-27 11:57   ---------   d-----w   C:\Program Files\WorldUnlock Codes Calculator
2008-09-15 12:02   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\XRay Engine
2008-09-14 13:38   ---------   d-----w   C:\Program Files\DX-Ball
2008-09-14 11:24   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\WildTangent
2008-09-14 11:23   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\WildTangent
2008-09-12 11:03   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-09-11 18:03   2,915,944   ----a-w   C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-11 11:31   279,712   ----a-w   C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-11 11:31   25,888   ----a-w   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-06 09:42   ---------   d-----w   C:\Documents and Settings\Bayo\Dane aplikacji\U3
2008-03-09 13:11   14,290   -c--a-w   C:\Program Files\settings.dat
2008-02-23 13:08   24   -c--a-w   C:\Documents and Settings\Bayo\mylist.dat
2008-01-14 19:32   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-10 16:32   20   ---h--w   C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
2008-01-10 16:32   20   ---h--w   C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT
.

(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "C:\PROGRA~1\DAP\SBSearch.dll" [2008-08-05 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-09-30 270336]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"dptracker"="C:\Program Files\DigitalPeers\CamTrack\dptracker.exe" [2005-12-18 331776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nquhgb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bayo^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bayo^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bayo^Menu Start^Programy^Autostart^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dptracker

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--a------ 2006-04-12 09:08 20480 C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-08-05 12:04 3065344 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:57 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 01:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-19 17:44 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
-ra------ 2005-09-05 08:55 339968 C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-03 10:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 2005-11-04 15:05 90112 C:\WINDOWS\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 14:55 32768 C:\PROGRA~1\NEOSTR~1\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 12:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"H:\\nwn2\\nwn2main.exe"=
"H:\\nwn2\\nwn2main_amdxp.exe"=
"H:\\nwn2\\nwupdate.exe"=
"H:\\nwn2\\nwn2server.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"J:\\crysis\\Bin32\\Crysis.exe"=
"J:\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"J:\\Mass Effect\\Binaries\\MassEffect.exe"=
"J:\\Mass Effect\\MassEffectLauncher.exe"=
"H:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"H:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-11 2915944]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-13 28933976]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 116992]
R3 EraserUtilDrvI7;EraserUtilDrvI7;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-09-17 99376]
R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-21 8672]
R3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-21 102336]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 64000]
S3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-08-26 242424]
S3 RkHit;RkHit;C:\WINDOWS\system32\drivers\RKHit.sys [2008-09-16 30080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc63c344-6589-11dd-9dfc-4d6564696130}]
\Shell\AutoRun\command - K:\autorun.exe
.
- - - - REMOVED EMPTY ENTRIES - - - -

BHO-{029564b8-39cc-41de-854d-816e6fc81a70} - C:\WINDOWS\system32\nquhgb.dll
BHO-{22E77BAE-2C7B-48ED-8DA8-0B7A4F8333D2} - C:\WINDOWS\system32\qoMeEXnn.dll
BHO-{EEBCEA7B-BA5B-435E-883F-D142A2F1B51A} - C:\WINDOWS\system32\hgGxUnNe.dll
ShellExecuteHooks-{EEBCEA7B-BA5B-435E-883F-D142A2F1B51A} - C:\WINDOWS\system32\hgGxUnNe.dll
MSConfigStartUp-69448718212622670223354533722497 - C:\Program Files\Antivirus 2009\av2009.exe
MSConfigStartUp-AQQ - C:\DOCUME~1\Bayo\MOJEDO~1\AQQ\AQQ.exe
MSConfigStartUp-Startup Manager - C:\Documents and Settings\Bayo\Dane aplikacji\Systweak\ASO 2\smstartUp manager.exe


.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bayo\Dane aplikacji\Mozilla\Firefox\Profiles\cjtxheze.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl/
FF -: plugin - C:\Program Files\Anti-Leech\ALNN\npalnn.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npalnn.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMARBLES.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
FF -: plugin - G:\Reader\browser\nppdf32.dll
.
.
------- File associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 13:43:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\FTRTSVC.exe
H:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
H:\MATLAB6p5\bin\win32\matlab.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-02 13:48:00 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-11-02 12:47:56

Przed: 2 411 261 952 bajtów wolnych
Po: 2,557,333,504 bajtów wolnych

295   --- E O F ---   2008-10-24 13:03:29



Strange processes in Device Manager

Posted by Magik, 02 Nov 2008, 14:56

Scan these files at virustotal.com and paste the report:

Code:
C:\WINDOWS\system32\AK083E209605E394C.lie
C:\Program Files\settings.dat
C:\Documents and Settings\Bayo\mylist.dat
C:\WINDOWS\CameraFixer.exe



Paste the following into Notepad:
Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc63c344-6589-11dd-9dfc-4d6564696130}]


Save it as fix.reg and run it.

Scan the computer and paste the report:

http://www.kaspersky.com/virusscanner



Re: Strange processes in Device Manager

Posted by Batonn, 02 Nov 2008, 16:21

First file:
Code:
Antywirus     Wersja     Ostatnia aktualizacja     Wynik
AhnLab-V3   2008.11.1.0   2008.11.01   -
AntiVir   7.9.0.10   2008.10.31   -
Authentium   5.1.0.4   2008.11.01   -
Avast   4.8.1248.0   2008.11.01   -
AVG   8.0.0.161   2008.11.02   -
BitDefender   7.2   2008.11.02   -
CAT-QuickHeal   9.50   2008.11.01   -
ClamAV   0.94.1   2008.11.02   -
DrWeb   4.44.0.09170   2008.11.02   -
eSafe   7.0.17.0   2008.10.30   -
eTrust-Vet   31.6.6185   2008.11.01   -
Ewido   4.0   2008.11.02   -
F-Prot   4.4.4.56   2008.11.01   -
F-Secure   8.0.14332.0   2008.11.02   -
Fortinet   3.117.0.0   2008.10.31   -
GData   19   2008.11.02   -
Ikarus   T3.1.1.44.0   2008.11.02   -
K7AntiVirus   7.10.514   2008.11.01   -
Kaspersky   7.0.0.125   2008.11.02   -
McAfee   5421   2008.11.02   -
Microsoft   1.4005   2008.11.02   -
NOD32   3575   2008.10.31   -
Norman   5.80.02   2008.10.31   -
Panda   9.0.0.4   2008.11.02   -
PCTools   4.4.2.0   2008.11.02   -
Prevx1   V2   2008.11.02   -
Rising   21.01.62.00   2008.11.02   -
SecureWeb-Gateway   6.7.6   2008.11.02   -
Sophos   4.35.0   2008.11.02   -
Sunbelt   3.1.1767.2   2008.10.31   -
Symantec   10   2008.11.02   -
TheHacker   6.3.1.1.135   2008.10.31   -
TrendMicro   8.700.0.1004   2008.10.31   -
VBA32   3.12.8.9   2008.11.02   -
ViRobot   2008.10.31.1446   2008.10.31   -
VirusBuster   4.5.11.0   2008.11.01   -
Dodatkowe informacje
File size: 42 bytes
MD5...: 7c83d770a2924472d0d25cae7e5d9372
SHA1..: b0695b4d0c0495279275e7842c490e6ddc7e70ed
SHA256: 53d19c5da24b2fd8887292341d60ddaa1f7fb55b8d7b84c46767be53588b5b68
SHA512: 3e646482701ecdc9ab632f5c443b2a7c093589bee2076a1c69c7655bdeb383ba
86c64687ab97c0280802301d0bcfbe02264dfaefd71e621f34fe6d854e4c5ccd
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -


Second file:
Code:
Antywirus     Wersja     Ostatnia aktualizacja     Wynik
AhnLab-V3   2008.11.1.0   2008.11.01   -
AntiVir   7.9.0.10   2008.10.31   -
Authentium   5.1.0.4   2008.11.01   -
Avast   4.8.1248.0   2008.11.01   -
AVG   8.0.0.161   2008.11.02   -
BitDefender   7.2   2008.11.02   -
CAT-QuickHeal   9.50   2008.11.01   -
ClamAV   0.94.1   2008.11.02   -
DrWeb   4.44.0.09170   2008.11.02   -
eSafe   7.0.17.0   2008.10.30   -
eTrust-Vet   31.6.6185   2008.11.01   -
Ewido   4.0   2008.11.02   -
F-Prot   4.4.4.56   2008.11.01   -
F-Secure   8.0.14332.0   2008.11.02   -
Fortinet   3.117.0.0   2008.10.31   -
GData   19   2008.11.02   -
Ikarus   T3.1.1.44.0   2008.11.02   -
K7AntiVirus   7.10.514   2008.11.01   -
Kaspersky   7.0.0.125   2008.11.02   -
McAfee   5421   2008.11.02   -
Microsoft   1.4005   2008.11.02   -
NOD32   3575   2008.10.31   -
Norman   5.80.02   2008.10.31   -
Panda   9.0.0.4   2008.11.02   -
PCTools   4.4.2.0   2008.11.02   -
Prevx1   V2   2008.11.02   -
Rising   21.01.62.00   2008.11.02   -
SecureWeb-Gateway   6.7.6   2008.11.02   -
Sophos   4.35.0   2008.11.02   -
Sunbelt   3.1.1767.2   2008.10.31   -
Symantec   10   2008.11.02   -
TheHacker   6.3.1.1.135   2008.10.31   -
TrendMicro   8.700.0.1004   2008.10.31   -
VBA32   3.12.8.9   2008.11.02   -
ViRobot   2008.10.31.1446   2008.10.31   -
VirusBuster   4.5.11.0   2008.11.01   -
Dodatkowe informacje
File size: 14290 bytes
MD5...: bb54a9e1f9e72e5be033068dc0f559c2
SHA1..: 6a145be6d574900e7ad1f93e3df687ca8f8b9aed
SHA256: 0270c9d6762fd2668a9d6aed61a3297cac3f4f9dd6215d0c70aa5dea927d927e
SHA512: 6b0bc9d2378c79ab2531926dfdd005ee6ff02100a744f6219e44684b85940554
52ae1311e1c8c2bdb7cf9f760ed6f2452e8fb5775f5a25cb32bfbeafa211b9ce
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -


Third file:
Code:
Antywirus     Wersja     Ostatnia aktualizacja     Wynik
AhnLab-V3   2008.11.1.0   2008.11.01   -
AntiVir   7.9.0.10   2008.10.31   -
Authentium   5.1.0.4   2008.11.01   -
Avast   4.8.1248.0   2008.11.01   -
AVG   8.0.0.161   2008.11.02   -
BitDefender   7.2   2008.11.02   -
CAT-QuickHeal   9.50   2008.11.01   -
ClamAV   0.94.1   2008.11.02   -
DrWeb   4.44.0.09170   2008.11.02   -
eSafe   7.0.17.0   2008.10.30   -
eTrust-Vet   31.6.6185   2008.11.01   -
Ewido   4.0   2008.11.02   -
F-Prot   4.4.4.56   2008.11.01   -
F-Secure   8.0.14332.0   2008.11.02   -
Fortinet   3.117.0.0   2008.10.31   -
GData   19   2008.11.02   -
Ikarus   T3.1.1.44.0   2008.11.02   -
K7AntiVirus   7.10.514   2008.11.01   -
Kaspersky   7.0.0.125   2008.11.02   -
McAfee   5421   2008.11.02   -
Microsoft   1.4005   2008.11.02   -
NOD32   3575   2008.10.31   -
Norman   5.80.02   2008.10.31   -
Panda   9.0.0.4   2008.11.02   -
PCTools   4.4.2.0   2008.11.02   -
Prevx1   V2   2008.11.02   -
Rising   21.01.62.00   2008.11.02   -
SecureWeb-Gateway   6.7.6   2008.11.02   -
Sophos   4.35.0   2008.11.02   -
Sunbelt   3.1.1767.2   2008.10.31   -
Symantec   10   2008.11.02   -
TheHacker   6.3.1.1.135   2008.10.31   -
TrendMicro   8.700.0.1004   2008.10.31   -
VBA32   3.12.8.9   2008.11.02   -
ViRobot   2008.10.31.1446   2008.10.31   -
VirusBuster   4.5.11.0   2008.11.01   -
Dodatkowe informacje
File size: 24 bytes
MD5...: 6c1d40d4643c4c8f5d6ae093042ef95c
SHA1..: 544c666a86bda861a4b4e82d6f22d0404adcf4bf
SHA256: e75661db1613039d2d584f4efac389da1ef60bbe03eccb7520d705af04a812ba
SHA512: 0a6e6a5f40629cff5b6f9b627a944ae45480d6204bd62c6131677f8c9e63579a
3144871d7ca7a2e652db59c6355feb9862f2cc8a7e5ccab3ed6606bde3b6db9b
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -


Fourth file:
Code:
Antywirus     Wersja     Ostatnia aktualizacja     Wynik
AhnLab-V3   2008.11.1.0   2008.11.01   -
AntiVir   7.9.0.10   2008.10.31   -
Authentium   5.1.0.4   2008.11.01   -
Avast   4.8.1248.0   2008.11.01   -
AVG   8.0.0.161   2008.11.02   -
BitDefender   7.2   2008.11.02   -
CAT-QuickHeal   9.50   2008.11.01   -
ClamAV   0.94.1   2008.11.02   -
DrWeb   4.44.0.09170   2008.11.02   -
eSafe   7.0.17.0   2008.10.30   -
eTrust-Vet   31.6.6185   2008.11.01   -
Ewido   4.0   2008.11.02   -
F-Prot   4.4.4.56   2008.11.01   -
F-Secure   8.0.14332.0   2008.11.02   -
Fortinet   3.117.0.0   2008.10.31   Misc/VirtInf
GData   19   2008.11.02   -
Ikarus   T3.1.1.44.0   2008.11.02   -
K7AntiVirus   7.10.514   2008.11.01   -
McAfee   5421   2008.11.02   -
Microsoft   1.4005   2008.11.02   -
NOD32   3575   2008.10.31   -
Norman   5.80.02   2008.10.31   -
Panda   9.0.0.4   2008.11.02   Suspicious file
PCTools   4.4.2.0   2008.11.02   -
Prevx1   V2   2008.11.02   -
Rising   21.01.62.00   2008.11.02   -
SecureWeb-Gateway   6.7.6   2008.11.02   -
Sophos   4.35.0   2008.11.02   -
Sunbelt   3.1.1767.2   2008.10.31   -
Symantec   10   2008.11.02   -
TheHacker   6.3.1.1.135   2008.10.31   -
TrendMicro   8.700.0.1004   2008.10.31   -
VBA32   3.12.8.9   2008.11.02   -
ViRobot   2008.10.31.1446   2008.10.31   -
VirusBuster   4.5.11.0   2008.11.01   -
Dodatkowe informacje
File size: 20480 bytes
MD5...: 117780d1ae72c81c1eb669baa6a9e2b9
SHA1..: b76dcd839ad6020a8b3bb6b3bcd5d06acd6b8682
SHA256: cd0ad9043e5a3d302150e0cf0833f0986c33bf0645f79e60afccefb1a91447a5
SHA512: cfb0ab8d938f0aec2fdb10f57ef3437a3609b63c78305db297d9ed209c519c3e
5e010537ec72faa41883a862ae4ca79b669ddb23965c1db506a2a56d585be902
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40184e
timedatestamp.....: 0x443c5312 (Wed Apr 12 01:08:34 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaa2 0x1000 4.35 05c980546be08d65022ae1e636ee7952
.rdata 0x2000 0x9c2 0x1000 3.53 37deb4e749d849c6bbcf7870bc5f7117
.data 0x3000 0x188 0x1000 0.30 7ad3db42a2f9d91d3008d8fac53b1054
.rsrc 0x4000 0xa18 0x1000 2.34 45871359b2d7311476f2c17f1f7ed923

( 5 imports )
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: __p__fmode, __set_app_type, _except_handler3, _controlfp, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __p__commode, _setmbcp, __CxxFrameHandler, _strupr, strstr, __dllonexit
> KERNEL32.dll: Process32First, GetStartupInfoA, OpenProcess, TerminateProcess, GetModuleHandleA, CreateToolhelp32Snapshot, Process32Next, CloseHandle
> USER32.dll: IsIconic, KillTimer, EnableWindow, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, SetTimer, LoadIconA
> ADVAPI32.dll: RegDeleteValueA, RegEnumValueA, RegOpenKeyExA

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=117780d1ae72c81c1eb669baa6a9e2b9


Kaspersky log:
Code:
Sunday, November 2, 2008
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 02, 2008 07:40:08
Records in database: 1367023
Scan settings
Scan using the following database    extended
Scan archives    yes
Scan mail databases    yes
Scan area    Critical Areas
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
C:\Documents and Settings\Bayo\Menu Start\Programy\Autostart
C:\Program Files
C:\WINDOWS
Scan statistics
Files scanned    57450
Threat name    1
Infected objects    1
Suspicious objects    0
Duration of the scan    00:49:57

File name    Threat name    Threats count
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll   Infected: not-a-virus:WebToolbar.Win32.Zango.aw   1   
The selected area was scanned.
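As an added example (not code from the thread or from VirusTotal), a small Python parser for the report layout pasted above: it counts the engines, collects the non-"-" results, the hashes and the PEiD packer line, and flags reports whose only hits are generic or heuristic labels, which is the weak kind of evidence that merits a second opinion rather than a verdict. The sample text is constructed from rows of the fourth file's report, trimmed to a few engines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the pasted VirusTotal report ("-" = no detection).
SAMPLE_REPORT = """\
Antywirus     Wersja     Ostatnia aktualizacja     Wynik
AntiVir   7.9.0.10   2008.10.31   -
CAT-QuickHeal   9.50   2008.11.01   -
Fortinet   3.117.0.0   2008.10.31   Misc/VirtInf
Kaspersky   7.0.0.125   2008.11.02   -
Panda   9.0.0.4   2008.11.02   Suspicious file
Sophos   4.35.0   2008.11.02   -
Dodatkowe informacje
MD5...: 117780d1ae72c81c1eb669baa6a9e2b9
SHA1..: b76dcd839ad6020a8b3bb6b3bcd5d06acd6b8682
PEiD..: Armadillo v1.71
"""

# One engine row: name, version, YYYY.MM.DD signature date and result, split by 2+ spaces.
ENGINE_ROW = re.compile(r"^(\S+)\s{2,}(\S+)\s{2,}(\d{4}\.\d{2}\.\d{2})\s{2,}(.+?)\s*$")
HASH_ROW = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)")
HEURISTIC_MARKERS = ("suspicious", "heur", "generic")  # generic labels, not a named family

@dataclass
class VtSummary:
    engines: int = 0
    detections: dict = field(default_factory=dict)  # engine -> label
    hashes: dict = field(default_factory=dict)      # algorithm -> hex digest
    packer: str = ""

    def ratio(self) -> float:
        return len(self.detections) / self.engines if self.engines else 0.0

    def heuristic_only(self) -> bool:
        # True when every hit is a generic/heuristic label, i.e. weak evidence.
        return bool(self.detections) and all(
            any(m in label.lower() for m in HEURISTIC_MARKERS)
            for label in self.detections.values())

def parse_vt_report(text: str) -> VtSummary:
    s = VtSummary()
    for line in text.splitlines():
        if m := ENGINE_ROW.match(line):
            engine, _, _, result = m.groups()
            s.engines += 1
            if result != "-":
                s.detections[engine] = result
        elif m := HASH_ROW.match(line):
            s.hashes[m.group(1)] = m.group(2).lower()
        elif line.startswith("PEiD"):
            s.packer = line.split(":", 1)[1].strip()  # packer/protector identified by PEiD
    return s
```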



Strange processes in Device Manager

Posted by Magik, 02 Nov 2008, 16:32

The only thing one could take issue with is this:

Paste the following into Notepad:
Code:
FILE::
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll


>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe



Strange processes in Device Manager

Posted by djarta, 02 Nov 2008, 16:48

C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll Infected: not-a-virus:WebToolbar.Win32.Zango.aw 1
The selected area was scanned.

In my opinion this is a false alarm.

Check it at --> http://virusscan.jotti.org/
or at http://www.virustotal.com/en/indexf.html.


=================
K.
Regards, djarta. :)