by lolek93, 21 Aug 2008, 15:46
Hi. Today I downloaded a keygen for WinRAR, ran it and checked whether it worked. Then I installed WinRAR and wanted to run the keygen, but something called serwer.exe appeared. I know there are trojans where you send the server file to someone and keep the client for yourself. I made a HijackThis log and there was something about serwer.exe in it, but I made a new one and it was no longer there. I'm posting the ComboFix and HijackThis logs.
Code:
ComboFix 08-08-19.06 - Kuba 2008-08-21 15:33:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1578 [GMT 2:00]
Running from: C:\Documents and Settings\Kuba\Pulpit\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kuba\Dane aplikacji\inst.exe
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
.
---- Previous Run -------
.
C:\WINDOWS\lsass.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-21 15:28 . 2008-08-21 15:28 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-20 17:52 . 2008-08-21 14:53 <DIR> d-------- C:\Pobrane
2008-08-20 17:47 . 2008-08-20 17:47 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-14 12:50 . 2007-08-02 22:09 5,624,832 --a------ C:\WINDOWS\system\DriveIcon.dll
2008-08-14 12:50 . 2007-09-18 15:08 44,032 --a------ C:\WINDOWS\system32\drivers\RTSTOR.sys
2008-08-14 12:50 . 2004-06-30 16:24 5,430 --a------ C:\WINDOWS\system\MyMulti.ico
2008-08-14 12:14 . 2008-08-14 12:14 <DIR> d-------- C:\Program Files\Hamachi
2008-08-14 12:14 . 2008-08-14 15:46 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Hamachi
2008-08-14 12:14 . 2008-08-14 12:14 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-13 18:46 . 2008-08-13 18:46 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-08-13 18:05 . 2008-08-13 18:05 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\mSzyfrFree
2008-08-13 17:15 . 2008-08-13 17:15 <DIR> d-------- C:\Program Files\SEGA
2008-08-13 11:58 . 2008-08-13 11:58 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Ubisoft
2008-08-13 11:55 . 2008-08-13 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-08-13 11:48 . 2008-08-13 11:48 <DIR> d-------- C:\Program Files\Ubisoft
2008-08-11 21:14 . 2008-08-11 21:15 25 --a------ C:\WINDOWS\system32\aces.ini
2008-08-11 15:23 . 2008-08-11 15:23 2,286,592 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-08-11 15:14 . 2008-08-11 15:14 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-11 15:14 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-11 15:13 . 2008-08-11 15:13 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\TuneUp Software
2008-08-11 15:12 . 2008-08-11 15:14 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-11 15:12 . 2008-08-11 15:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 15:12 . 2008-08-11 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-08-11 13:18 . 2008-08-11 13:18 <DIR> d-------- C:\Program Files\URUSoft
2008-08-11 12:30 . 2008-08-11 12:31 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-08-11 11:47 . 2008-08-11 11:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-11 11:47 . 2008-08-11 11:47 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-08-11 11:46 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-11 11:23 . 2008-08-11 11:23 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-11 11:23 . 2008-08-11 11:23 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-11 11:23 . 2008-08-11 11:23 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-11 11:23 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-11 11:23 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-11 11:23 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-11 11:23 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-11 11:23 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-11 11:23 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-08 20:15 . 2008-08-08 20:16 4,905,558 --a------ C:\opera-portable-oneuse-pl-9.24.exe
2008-08-07 20:48 . 2008-08-07 20:48 <DIR> d-------- C:\FirefoxPortable
2008-08-06 12:10 . 2008-08-06 12:10 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-08-04 11:27 . 2008-08-04 11:27 <DIR> d-------- C:\Program Files\Atari
2008-08-02 13:59 . 2008-08-08 20:25 589 --a------ C:\Documents and Settings\Kuba\Dane aplikacji\szyfrator.dat
2008-08-02 13:56 . 2008-08-02 13:56 <DIR> d-------- C:\Program Files\mSzyfr
2008-08-01 22:27 . 2008-08-02 10:51 <DIR> d-------- C:\Program Files\mkvtoavis
2008-08-01 22:27 . 2008-08-02 10:51 <DIR> d-------- C:\Program Files\MKVTOAVI
2008-08-01 22:21 . 2008-08-01 22:21 <DIR> d-------- C:\Program Files\MarBit
2008-08-01 12:04 . 2008-08-01 12:12 <DIR> d-------- C:\Program Files\CPU Speed Pro
2008-07-30 22:12 . 2008-08-11 12:55 <DIR> d-------- C:\Program Files\Gabest
2008-07-30 22:11 . 2008-07-30 22:11 <DIR> d-------- C:\Program Files\XviD
2008-07-30 22:11 . 2008-08-11 12:54 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-07-30 22:11 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-30 11:52 . 2008-08-02 14:02 <DIR> d-------- C:\Program Files\rFactor
2008-07-28 20:59 . 2008-04-14 22:50 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-28 20:59 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-28 20:59 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-28 20:59 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-28 17:34 . 2008-07-28 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-07-28 17:28 . 2008-07-28 17:28 <DIR> d-------- C:\Program Files\Bonjour
2008-07-28 17:23 . 2008-07-28 17:23 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-25 19:50 . 2008-07-25 19:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-07-25 19:48 . 2008-08-06 12:09 <DIR> d-------- C:\Program Files\Xfire
2008-07-25 19:48 . 2008-08-06 12:11 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Xfire
2008-07-25 18:49 . 2008-07-25 18:49 <DIR> d-------- C:\Program Files\uTorrent
2008-07-25 18:49 . 2008-08-13 15:06 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent
2008-07-25 11:15 . 2008-07-25 11:15 <DIR> d-------- C:\Program Files\WoW-FE
2008-07-25 10:42 . 2008-08-21 10:52 <DIR> d-------- C:\Logs
2008-07-24 22:34 . 2008-07-24 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-07-24 14:07 . 2008-07-24 14:07 <DIR> d-------- C:\Program Files\FlashFXP
2008-07-24 14:07 . 2008-07-24 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FlashFXP
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Program Files\UltraISO
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-07-24 13:20 . 2008-07-28 13:09 <DIR> d-------- C:\Program Files\World of Warcraft
2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-23 10:59 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-23 10:59 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-23 10:59 . 2008-07-23 10:59 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-23 10:59 . 2008-07-23 10:59 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-23 10:54 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-22 20:33 . 2008-07-22 20:34 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-22 20:33 . 2008-08-13 16:19 <DIR> d-------- C:\Documents and Settings\Kuba\SystemRequirementsLab
2008-07-22 14:50 . 2008-08-17 19:47 <DIR> d-------- C:\!Temp
2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-21 21:17 . 2008-07-21 21:17 <DIR> d-------- C:\Program Files\OpenAL
2008-07-21 21:17 . 2008-07-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-07-21 21:16 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-07-21 21:16 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-07-21 21:12 . 2008-07-21 21:16 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-07-21 21:12 . 2008-07-21 21:12 <DIR> d-------- C:\WINDOWS\Logs
2008-07-21 20:38 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-21 15:49 . 2008-07-21 15:49 <DIR> d-------- C:\Program Files\DIFX
2008-07-21 15:49 . 2008-08-11 11:55 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Nokia
2008-07-21 15:49 . 2008-07-21 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-07-21 15:48 . 2008-08-11 11:51 <DIR> d-------- C:\Program Files\Nokia
2008-07-21 15:48 . 2008-07-21 16:10 <DIR> d-------- C:\Documents and Settings\Kuba\Dane aplikacji\PC Suite
2008-07-21 15:48 . 2008-08-11 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-21 15:48 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-21 13:40 . 2008-07-21 13:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-21 13:39 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-21 13:39 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-07-21 13:39 . 2008-07-21 13:39 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-07-21 13:39 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 12:36 --------- d-----w C:\Program Files\Dziobas Rar Player
2008-08-14 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 10:46 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools
2008-08-11 13:38 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Vso
2008-08-11 09:49 --------- d-----w C:\Program Files\MSBuild
2008-08-06 10:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-06 10:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-06 10:10 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-05 12:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-04 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 20:20 --------- d-----w C:\Program Files\ESET
2008-08-01 20:08 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-07-21 19:17 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-21 19:17 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-21 11:40 22,328 ----a-w C:\Documents and Settings\Kuba\Dane aplikacji\PnkBstrK.sys
2008-07-21 11:34 --------- d-----w C:\Program Files\Electronic Arts
2008-07-20 15:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2008-07-20 14:52 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-20 14:52 47,360 ----a-w C:\Documents and Settings\Kuba\Dane aplikacji\pcouffin.sys
2008-07-20 14:52 --------- d-----w C:\Program Files\VSO
2008-07-20 14:24 --------- d-----w C:\Program Files\Ontrack
2008-07-20 14:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 14:21 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-07-20 14:21 --------- d-----w C:\Program Files\Total Video Converter
2008-07-20 14:09 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Ahead
2008-07-18 08:57 --------- d-----w C:\Program Files\Microsoft Works
2008-07-17 14:29 --------- d-----w C:\Program Files\Mass Effect
2008-07-16 19:29 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Media Player Classic
2008-07-16 16:05 --------- d-----w C:\Program Files\TrueCrypt
2008-07-16 15:30 --------- d-----w C:\Program Files\Sunbelt Software
2008-07-16 15:26 --------- d-----w C:\Program Files\Tibia
2008-07-16 15:24 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Tibia
2008-07-03 11:16 --------- d-----w C:\Program Files\Java
2008-07-03 11:13 --------- d-----w C:\Program Files\Common Files\Java
2008-07-03 10:25 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-03 10:24 --------- d-----w C:\Program Files\Ahead
2008-07-03 10:23 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-03 10:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-07-03 10:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-03 08:05 --------- d--h--r C:\Documents and Settings\Kuba\Dane aplikacji\SecuROM
2008-07-03 07:38 --------- d-----w C:\Program Files\EA Sports
2008-07-02 20:48 --------- d-----w C:\Program Files\BearShare Pro
2008-07-02 19:50 --------- d-----w C:\Program Files\Activision
2008-07-02 19:35 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-02 18:51 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-02 18:48 --------- d-----w C:\Program Files\JoWooD Productions
2008-07-02 18:32 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu
2008-07-02 14:22 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu
2008-07-02 14:19 --------- d-----w C:\Program Files\Winamp
2008-07-02 14:19 --------- d-----w C:\Program Files\foobar2000
2008-07-02 14:19 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\Winamp
2008-07-02 14:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-02 13:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-02 13:37 --------- d-----w C:\Program Files\Max Soft
2008-07-02 13:37 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-02 13:33 --------- d-----w C:\Program Files\Damian Pasternak
2008-07-02 13:25 --------- d-----w C:\Program Files\Realtek
2008-07-02 13:25 --------- d-----w C:\Documents and Settings\Kuba\Dane aplikacji\InstallShield
2008-07-02 13:24 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-02 13:24 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-07-02 13:21 --------- d-----w C:\Program Files\Intel
2008-07-02 13:17 --------- d-----w C:\Program Files\Usługi online
2008-07-02 13:14 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-02 13:14 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-02 13:14 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-02 12:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"Catcher"="D:\programy\Catcher.exe" [2008-04-25 14:16 1439744]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-02 15:14 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\
TuneUp Updater.exe [2008-08-07 12:46:02 28012]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-06-18 14:31 1122816 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\obrazy\\Grid\\GRID.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 22:51]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-11 15:14]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-08-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lsass.exe - C:\WINDOWS\lsass.exe
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-Comrade - C:\Program Files\GameSpy\Comrade\Comrade.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\04qvfcyp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.onet.pl
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 15:35:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
lsass.exe = C:\WINDOWS\lsass.exe?????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-08-21 15:36:52
ComboFix-quarantined-files.txt 2008-08-21 13:36:33
Pre-Run: 125,649,907,712 bajtów wolnych
Post-Run: 125,639,479,296 bajtów wolnych
297
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:00, on 2008-08-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programy\Catcher.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\TuneUp Updater.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kuba\Pulpit\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Catcher] D:\programy\Catcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TuneUp Updater.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 5802 bytes