Komputer zawirusowany??

**Posty:** 35 · przez **Believer** 06 Gru 2008, 15:35

Wiec mam serwer gry muonline , jednak od dluszego czasu przegladarka zaczyna szfankowac , Norton 2008 wykrywa Tockingcookie czy jakos tak ale usunac nie moze , a w zwiazku z tym ze chce aby w czasie uruchomienia serwera nie wystepowaly zadne problemy skladam sie do was z prosba , jak moge usunac te wiry (Bez formata).

RSIT :

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.04 (written by random/random) Run by Server at 2008-12-06 03:36:16 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 84 GB (84%) free of 100 GB Total RAM: 3326 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:36:23, on 2008-12-06 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20900) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\AppServ\Apache2\bin\Apache.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe C:\AppServ\MySQL\bin\mysqld-nt.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\TeamViewer3\TeamViewer_Service.exe C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dyn.pl DNSUpdate\DNSUpdate.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\RealVNC\VNC4\winvnc4.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Winamp\winamp.exe C:\AppServ\Apache2\bin\Apache.exe C:\Documents and Settings\Server\Pulpit\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Server.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [DNSUpdate] C:\Program Files\Dyn.pl DNSUpdate\DNSUpdate.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (User 'SYSTEM') O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user') O4 - .DEFAULT Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe (User 'Default user') O4 - .DEFAULT Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe O4 - Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{798DF77F-ECEE-46C6-A461-9650AE8C3EA9}: NameServer = 194.204.159.1,194.204.159.64 O17 - HKLM\System\CCS\Services\Tcpip\..\{7E9400E4-951C-414F-839C-8EB308C95C61}: NameServer = 194.204.159.1,104.204.159.64 O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3C3DF0-54C4-4AE3-BA54-196CD6D01FDD}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 8485 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Server.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-27 308832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-10-12 116088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848] "nwiz"=nwiz.exe /install [] "AdslTaskBar"=C:\WINDOWS\system32\stmctrl.dll [2006-06-02 151552] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016] "osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-06 718704] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-27 185872] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-17 16844800] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-12 21741864] "Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904] "DNSUpdate"=C:\Program Files\Dyn.pl DNSUpdate\DNSUpdate.exe [2007-04-08 290816] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Documents and Settings\Server\Menu Start\Programy\Autostart hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe Norton Internet Security.lnk - C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-10-09 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableStatusMessages"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSMMyPictures"=1 "NoSMConfigurePrograms"=1 "NoSMHelp"=1 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2008-12-06 03:36:16 ----D---- C:\rsit 2008-12-03 20:24:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google 2008-12-03 17:56:49 ----D---- C:\Documents and Settings\Server\Dane aplikacji\Hamachi 2008-12-03 17:56:19 ----D---- C:\Program Files\Hamachi 2008-11-30 18:55:02 ----D---- C:\Program Files\RealVNC 2008-11-25 12:55:14 ----D---- C:\Documents and Settings\Server\Dane aplikacji\MargonemMapki 2008-11-21 18:07:35 ----A---- C:\WINDOWS\system32\MRT.exe 2008-11-16 18:23:45 ----D---- C:\Program Files\Common Files\Borland Shared 2008-11-16 18:23:44 ----D---- C:\Program Files\Borland 2008-11-13 04:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-13 04:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-13 04:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-11 00:28:25 ----D---- C:\Program Files\WinHex 2008-11-09 16:11:31 ----D---- C:\Documents and Settings\Server\Dane aplikacji\Media Player Classic 2008-11-09 09:29:17 ----D---- C:\Fraps ======List of files/folders modified in the last 1 months====== 2008-12-06 03:36:19 ----D---- C:\WINDOWS\Temp 2008-12-06 03:36:19 ----D---- C:\Program Files\Common Files\Symantec Shared 2008-12-06 03:36:17 ----D---- C:\WINDOWS\Prefetch 2008-12-06 00:30:05 ----D---- C:\Program Files\Mozilla Firefox 2008-12-05 18:48:13 ----D---- C:\Program Files\TeamViewer3 2008-12-04 19:36:46 ----D---- C:\AppServ 2008-12-03 20:59:54 ----D---- C:\Documents and Settings\Server\Dane aplikacji\Skype 2008-12-03 20:59:47 ----D---- C:\Documents and Settings\Server\Dane aplikacji\skypePM 2008-12-03 20:59:39 ----D---- C:\WINDOWS\system32\dllcache 2008-12-03 20:59:38 ----D---- C:\WINDOWS 2008-12-03 20:59:19 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-03 20:58:40 ----D---- C:\WINDOWS\system32 2008-12-03 20:57:50 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-03 17:56:31 ----HD---- C:\WINDOWS\inf 2008-12-03 17:56:27 ----D---- C:\WINDOWS\system32\drivers 2008-12-03 17:56:19 ----RD---- C:\Program Files 2008-12-03 13:40:33 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-03 13:38:36 ----D---- C:\WINDOWS\Help 2008-11-30 09:08:00 ----A---- C:\WINDOWS\HEDIT.INI 2008-11-25 21:20:43 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-23 18:15:03 ----A---- C:\WINDOWS\wincmd.ini 2008-11-21 20:32:03 ----A---- C:\WINDOWS\wcx_ftp.ini 2008-11-21 18:07:37 ----D---- C:\WINDOWS\Debug 2008-11-16 18:24:17 ----SHD---- C:\WINDOWS\Installer 2008-11-16 18:23:45 ----D---- C:\Program Files\Common Files 2008-11-13 04:00:28 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-11 09:08:59 ----D---- C:\Program Files\Winamp Remote 2008-11-09 09:36:02 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-11-09 09:30:16 ----D---- C:\Program Files\Gadu-Gadu ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240] R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys [] R2 rspndr;Responder odnajdywania topologii warstwy łącza; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-03 25280] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-10-16 138752] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-17 4617728] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-16 12160] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081205.008\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081205.008\NAVEX15.SYS [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496] R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088] R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255] R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432] R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576] R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081204.001\SymIDSCo.sys [] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280] R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320] R3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 684265] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys [] S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2007-10-17 36224] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280] S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-10-09 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-10-09 82944] S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-10-17 265856] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-28 72704] R2 Apache2;Apache2; C:\AppServ\Apache2\bin\Apache.exe [2006-04-29 20541] R2 Automatic LiveUpdate Scheduler;Harmonogram automatycznej usługi LiveUpdate; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe [2000-08-06 7442493] R2 mysql;mysql; C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql [] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715] R2 SQLSERVERAGENT;SQLSERVERAGENT; C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe [2000-08-06 303170] R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640] R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-10-12 1245064] S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF-----------------[/quote] [b] ComboFix:[/b] [quote]ComboFix 08-12-05.02 - Server 2008-12-06 3:38:34.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1988 [GMT 1:00] Uruchomiony z: c:\documents and settings\Server\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Cfx32.lic c:\windows\system32\cfx32.ocx . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-06 do 2008-12-06 ))))))))))))))))))))))))))))))) . 2008-12-06 03:36 . 2008-12-06 03:36 <DIR> d-------- C:\rsit 2008-12-03 17:56 . 2008-12-03 17:56 <DIR> d-------- c:\program files\Hamachi 2008-12-03 17:56 . 2008-12-06 03:25 <DIR> d-------- c:\documents and settings\Server\Dane aplikacji\Hamachi 2008-12-03 17:56 . 2008-12-03 17:56 25,280 --a------ c:\windows\system32\drivers\hamachi.sys 2008-11-30 18:55 . 2008-11-30 18:55 <DIR> d-------- c:\program files\RealVNC 2008-11-25 12:55 . 2008-11-25 12:55 <DIR> d-------- c:\documents and settings\Server\Dane aplikacji\MargonemMapki 2008-11-16 18:24 . 2008-11-16 18:29 <DIR> d-------- c:\documents and settings\Server\.borland 2008-11-16 18:23 . 2008-11-16 18:23 <DIR> d-------- c:\program files\Common Files\Borland Shared 2008-11-16 18:23 . 2008-11-16 18:23 <DIR> d-------- c:\program files\Borland 2008-11-12 19:18 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 19:18 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-11 00:28 . 2008-11-11 00:35 <DIR> d-------- c:\program files\WinHex 2008-11-09 16:11 . 2008-11-09 16:11 <DIR> d-------- c:\documents and settings\Server\Dane aplikacji\Media Player Classic 2008-11-09 09:29 . 2008-11-11 08:28 <DIR> d-------- C:\Fraps . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-06 02:39 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-12-05 17:48 --------- d-----w c:\program files\TeamViewer3 2008-12-03 19:59 --------- d-----w c:\documents and settings\Server\Dane aplikacji\skypePM 2008-12-03 19:59 --------- d-----w c:\documents and settings\Server\Dane aplikacji\Skype 2008-11-11 08:08 --------- d-----w c:\program files\Winamp Remote 2008-11-09 08:36 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2008-11-09 08:30 --------- d-----w c:\program files\Gadu-Gadu 2008-11-01 12:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NVIDIA 2008-11-01 11:55 --------- d-----w c:\program files\Sunbelt Software 2008-10-31 14:31 --------- d-----w c:\program files\Kerio 2008-10-31 14:12 --------- d-----w c:\documents and settings\Server\Dane aplikacji\uTorrent 2008-10-31 14:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-31 13:56 --------- d-----w c:\program files\AutoConnect 2008-10-31 13:49 --------- d-----w c:\program files\neostrada tp 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-18 22:21 --------- d-----w c:\documents and settings\Server\Dane aplikacji\TeamViewer 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-13 18:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec 2008-10-12 06:54 --------- d-----w c:\program files\Dyn.pl DNSUpdate 2008-10-12 06:47 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2008-10-12 06:47 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL 2008-10-12 06:47 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2008-10-12 06:47 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2008-10-12 06:47 --------- d-----w c:\program files\Symantec 2008-10-12 06:38 --------- d-----w c:\program files\Norton Internet Security 2008-10-12 06:37 --------- d-----w c:\program files\Windows Sidebar 2008-10-11 23:45 --------- d-----w c:\program files\Trend Micro 2008-10-11 21:42 --------- d-----w c:\program files\Sony Ericsson 2008-10-11 13:34 --------- d-----w c:\documents and settings\Server\Dane aplikacji\Noth2 2008-10-11 13:33 --------- d-----w c:\program files\NotH 2008-10-11 12:22 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-11 12:22 --------- d-----w c:\program files\Common Files\Teleca Shared 2008-10-11 12:22 --------- d-----w c:\documents and settings\Server\Dane aplikacji\Teleca 2008-10-11 12:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson 2008-10-11 12:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Teleca 2008-10-11 12:15 --------- d-----w c:\documents and settings\Server\Dane aplikacji\Sony 2008-10-11 09:00 --------- d-----w c:\program files\Common Files\Adobe 2008-10-11 08:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Adobe Systems 2008-10-11 07:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\OrbNetworks 2008-10-10 06:56 --------- d-----w c:\windows\system32\config\systemprofile\Dane aplikacji\TeamViewer 2008-10-09 21:11 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\TeamViewer 2008-10-09 14:45 --------- d-----w c:\program files\microsoft frontpage 2008-10-03 16:23 6,068,224 ------w c:\windows\system32\dllcache\ieframe.dll 2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll 2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:27 1,846,656 ------w c:\windows\system32\dllcache\win32k.sys 2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll 2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys . ((((((((((((((((((((((((((((( snapshot@2008-11-01_12.29.59,67 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-10 01:12:48 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll + 2007-11-30 12:40:46 19,320 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll + 2007-11-30 12:40:46 234,360 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe + 2007-11-30 12:40:46 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll + 2007-11-30 12:40:47 763,256 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe + 2007-11-30 12:40:47 398,200 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll + 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys + 2008-11-16 17:24:12 4,710 ----a-r c:\windows\Installer\{72263053-50D1-4598-9502-51ED64E54C51}\ARPPRODUCTICON.exe - 2008-11-01 10:34:34 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-03 14:49:05 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-11-01 10:34:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2008-12-03 14:49:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2008-11-01 10:34:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2008-12-03 14:49:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2008-01-25 09:12:34 25,088 ----a-w c:\windows\system32\drivers\teamviewervpn.sys + 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe + 2008-11-25 20:20:42 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 1995-01-13 12:10:00 149,504 ----a-w c:\windows\system32\MFCANS32.DLL + 2008-11-03 15:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe - 2008-04-14 17:20:39 1,104,896 ----a-w c:\windows\system32\msxml3.dll + 2008-09-04 17:17:13 1,106,944 ----a-w c:\windows\system32\msxml3.dll + 1995-05-21 22:00:00 640,512 ----a-w c:\windows\system32\OC30.DLL + 2002-08-09 12:00:00 4,082,688 ----a-w c:\windows\system32\qtintf70.dll + 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll + 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll - 2007-11-30 11:21:28 19,320 ------w c:\windows\system32\spmsg.dll + 2008-07-08 13:20:04 19,320 ------w c:\windows\system32\spmsg.dll + 1997-08-05 01:01:00 345,536 ----a-w c:\windows\system32\stdvcl32.dll + 2002-08-09 12:00:00 549,888 ----a-w c:\windows\system32\stdvcl40.dll + 1995-10-27 15:06:04 1,115,136 ----a-w c:\windows\system32\VCFIDL32.DLL + 1995-10-27 15:06:04 566,784 ----a-w c:\windows\system32\VCFIWZ32.DLL + 1995-10-27 15:41:46 62,464 ----a-w c:\windows\system32\VSPELL32.DLL + 2008-12-03 19:59:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_440.dat . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904] "DNSUpdate"="c:\program files\Dyn.pl DNSUpdate\DNSUpdate.exe" [2007-04-08 290816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-27 185872] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe] "AdslTaskBar"="stmctrl.dll" [2006-06-02 c:\windows\system32\stmctrl.dll] "RTHDCPL"="RTHDCPL.EXE" [2007-10-17 c:\windows\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll] c:\documents and settings\Server\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-03 625952] Norton Internet Security.lnk - c:\program files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe [2008-02-06 104312] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-10-06 69632] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-10-06 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"= 80:TCP:Enabled "6112:TCP"= 6112:TCP:war R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-01-25 149352] R2 TeamViewer;TeamViewer 3;"c:\program files\TeamViewer3\TeamViewer_Service.exe" -service [2008-10-07 185640] R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-12 99376] R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2008-09-25 60255] R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2008-09-25 684265] S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2007-10-17 36224] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] *Newly Created Service* - COMHOST . Zawartość folderu 'Zaplanowane zadania' 2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-12-05 c:\windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Server.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05] . . ------- Skan uzupełniający ------- . uLocal Page = uStart Page = hxxp://www.neostrada.pl TCP: {798DF77F-ECEE-46C6-A461-9650AE8C3EA9} = 194.204.159.1,194.204.159.64 TCP: {7E9400E4-951C-414F-839C-8EB308C95C61} = 194.204.159.1,104.204.159.64 TCP: {BB3C3DF0-54C4-4AE3-BA54-196CD6D01FDD} = 194.204.152.34 217.98.63.164 FireFox -: Profile - c:\documents and settings\Server\Dane aplikacji\Mozilla\Firefox\Profiles\tm353g5o.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava13.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPOJI610.dll FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll FF -: plugin - d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - d:\program files\RealPlayer\Netscape6\nppl3260.dll FF -: plugin - d:\program files\RealPlayer\Netscape6\nprjplug.dll FF -: plugin - d:\program files\RealPlayer\Netscape6\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-06 03:39:35 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mysql] "ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql" . Czas ukończenia: 2008-12-06 3:40:10 ComboFix-quarantined-files.txt 2008-12-06 02:39:58 ComboFix2.txt 2008-11-01 11:31:11 Przed: 87 654 490 112 bajtów wolnych Po: 87,831,691,264 bajtów wolnych 257 --- E O F --- 2008-11-21 17:08:33

**Posty:** 18165 · przez **wojtas** 06 Gru 2008, 18:16

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 35 · przez **Believer** 06 Gru 2008, 23:29

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:58, on 2008-12-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\AppServ\Apache2\bin\Apache.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2\bin\Apache.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dyn.pl DNSUpdate\DNSUpdate.exe
D:\MuServer\MUServerStartUP.exe
d:\muserver\dataserver1\dataserver1.exe
d:\muserver\dataserver2\dataserver2.exe
d:\muserver\joinserver\joinserver.exe
C:\Documents and Settings\Server\Moje dokumenty\HiJackThis.exe
d:\muserver\connectserver\cs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DNSUpdate] C:\Program Files\Dyn.pl DNSUpdate\DNSUpdate.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe (User 'Default user')
O4 - .DEFAULT Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe
O4 - Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{798DF77F-ECEE-46C6-A461-9650AE8C3EA9}: NameServer = 194.204.159.1,194.204.159.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E9400E4-951C-414F-839C-8EB308C95C61}: NameServer = 194.204.159.1,104.204.159.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3C3DF0-54C4-4AE3-BA54-196CD6D01FDD}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8413 bytes

**Posty:** 300 · przez **sgsman** 07 Gru 2008, 00:04

1. Wsadź loga z hijackthisa w tagi code.
2. Zrób to, co polecił Wojtas, po czym rzuć logi z tych programów