A problem, probably with a keylogger

I did as you told me, but what should I do with Unknown application??

This is the log after fixing:

Logfile of HijackThis v1.99.1

Scan saved at 18:26:14, on 2007-11-11

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\VM303_STI.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\D-Tools\daemon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\YahooFriend\YahooFriend.exe

C:\WINDOWS\services.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\WINDOWS\system32\NOTEPAD.EXE

E:\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: TBSB03006 - {23B79195-6807-4098-9ECD-3B6EADCE87AB} - F:\Programy\Tubely Toolbar\tubely.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Tubely Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - F:\Programy\Tubely Toolbar\tubely.dll

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Repair Registry Pro] e:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s

O4 - HKLM\..\Run: [BearFlix] "e:\Program Files\BearFlix\BearFlix.exe" /pause

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [Yahoo! Friend] C:\Program Files\YahooFriend\YahooFriend.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [FreeCall] "F:\Programy\FreeCall\FreeCall.exe" -nosplash -minimized

O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SMS Express] "C:\Program Files\SMS Express\smsexpr.exe" /tray

O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe /min

O4 - HKCU\..\Run: [DumbEggs] C:\DOCUME~1\Rodzinka\DANEAP~1\1GRIM~1\SizeBait.exe

O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized

O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?01d38c443a764d7b91ac73ab68059b57

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?01d38c443a764d7b91ac73ab68059b57

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.146.224.245:85/activex/AxisCamControl.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_31.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F321D90-9F5B-433A-B86D-5E10FD6DB09D}: NameServer = 213.241.79.37 83.238.255.76

O17 - HKLM\System\CS1\Services\Tcpip\..\{4F321D90-9F5B-433A-B86D-5E10FD6DB09D}: NameServer = 213.241.79.37 83.238.255.76

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Remove the HJT entries

Post a log from ComboFix, and

Download the SDFix program

Sorry for not wrapping it in a tag and for the incorrect topic title; it's my fault, I didn't read up on that on the forum.

Here is the log from ComboFix:

ComboFix 07-11-08.1 - Rodzinka 2007-11-11 23:23:39.1 - NTFSx86 

Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.207 [GMT 1:00]

Running from: C:\Documents and Settings\Rodzinka\Pulpit\ComboFix.exe

 * Created a new restore point

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\Documents and Settings\Rodzinka\Dane aplikacji.\AVSystemCare

C:\Documents and Settings\Rodzinka\Dane aplikacji.\AVSystemCare\avtasks.dat

C:\Documents and Settings\Rodzinka\Dane aplikacji.\AVSystemCare\Logs\av.log

C:\Documents and Settings\Rodzinka\Dane aplikacji.\AVSystemCare\Logs\ga6Support.log

C:\Documents and Settings\Rodzinka\Dane aplikacji\FunWebProducts

C:\Documents and Settings\Rodzinka\Dane aplikacji\install_en[1].exe

C:\Documents and Settings\Rodzinka\Dane aplikacji\MessengerSkinner

C:\Documents and Settings\Rodzinka\Dane aplikacji\MessengerSkinner\Userdata\languages_v2.xml

C:\Documents and Settings\Rodzinka\Dane aplikacji\MessengerSkinner\Userdata\pack1.cab

C:\Documents and Settings\Rodzinka\Menu Start\Programy\MessengerSkinner

C:\Documents and Settings\Rodzinka\Menu Start\Programy\MessengerSkinner\MessengerSkinner.lnk

C:\Documents and Settings\Rodzinka\Menu Start\Programy\MessengerSkinner\Privacy Policy.lnk

C:\Documents and Settings\Rodzinka\Menu Start\Programy\MessengerSkinner\Terms and conditions.lnk

C:\Documents and Settings\Rodzinka\Menu Start\Programy\MessengerSkinner\Website.lnk

C:\Documents and Settings\Rodzinka\ResErrors.log

C:\Program Files\AVSystemCare

C:\Program Files\AVSystemCare\history.db

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\ScreenSaver\Images\[u]0[/u]0A5F615.urr

C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]067CA6F.bin

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]067CCFF.bin

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]067D04B.bin

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]0E630F4

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]030423F

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0A5C3F9

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0A5CF82

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0A5F2E9.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0A5FB84.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0A6093F.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0A611AC.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0AA07B5

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0C2D2A2.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0C2E04E.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0C31AD6.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0C31D47.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0C32B32.bin

C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]25016A5

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search2

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\bar\Settings\setting2.htm

C:\Program Files\MyWebSearch\bar\Settings\settings.dat

C:\UGA6P

C:\WINDOWS\b.exe

C:\WINDOWS\pack.epk

C:\WINDOWS\services.exe

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\nvs2.inf

c:\WINDOWS\system32\ugsljfuvtd.dat

C:\WINDOWS\system32\ugsljfuvtd.exe

C:\WINDOWS\system32\ugsljfuvtd_nav.dat

c:\WINDOWS\system32\ugsljfuvtd_navps.dat


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


.

-------\LEGACY_FMTR



((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))

.


2007-11-11 23:14	51,200	--a------	C:\WINDOWS\NirCmd.exe

2007-11-11 15:45	
[/code] 



[color=darkblue][size=75][i][b]Post merged[/b]: 12.11.2007 (Mon) 0:18[/i][/size][/color]

And here is the report from SDFix:

[code]SDFix: Version 1.114

Run by Rodzinka on 2007-11-12 at 00:00

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting…

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted

Removing Temp Files…

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 00:06:07
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes …

scanning hidden services & system hive …

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,f8,e3,0e,3b,63,c6,96,2c,80,42,c4,44,ee,47,94,61,f0,…
"hj34z0"=hex:be,c5,6a,30,3f,1e,d2,30,87,1b,83,15,64,36,7d,6a,7c,f1,20,d8,57,…

scanning hidden registry entries …

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…

scanning hidden files …

C:\Documents and Settings\Rodzinka\Ustawienia lokalne\Dane aplikacji\Microsoft\Messenger\mari40671@hotmail.com\SharingMetadata\xavierpgt2030@hotmail.com\DFSR\Staging\CS{E316E884-92B4-AC29-275F-23E12381E534}\01\10-{E316E884-92B4-AC29-275F-23E12381E534}-v1-{9ADDB43A-07EC-47C2-9147-56B072C0AE5F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Rodzinka\Ustawienia lokalne\Dane aplikacji\Microsoft\Messenger\mariola3967@hotmail.com\SharingMetadata\stkhan_49@hotmail.com\DFSR\Staging\CS{08AF1368-312B-A388-EBE0-2D1798A1F959}\01\10-{08AF1368-312B-A388-EBE0-2D1798A1F959}-v1-{3FF21D0F-F4BC-4BF3-BFA3-B17422E37FA9}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Rodzinka\Ustawienia lokalne\Dane aplikacji\Microsoft\Messenger\nicesmile4067@hotmail.com\SharingMetadata\man_errs@hotmail.com\DFSR\Staging\CS{ADB165CE-CDCA-A22A-77C3-3FBFE136C95A}\01\10-{ADB165CE-CDCA-A22A-77C3-3FBFE136C95A}-v1-{4AC120FD-9664-4450-A5FF-B8CDB5B3862F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Rodzinka\Ustawienia lokalne\Dane aplikacji\Microsoft\Messenger\nicesmile4067@hotmail.com\SharingMetadata\mub951@hotmail.com\DFSR\Staging\CS{28ED19BC-79BF-6BF9-C0EF-2CFBF2831EAD}\01\12-{28ED19BC-79BF-6BF9-C0EF-2CFBF2831EAD}-v1-{4AC120FD-9664-4450-A5FF-B8CDB5B3862F}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4

Remaining Services:
------------------
[/code]

Scan the file at http://virusscan.jotti.org/; if it says it's junk, delete it manually.

Okay, thanks, it didn't detect anything.

Without your help I would have struggled a bit. ;p Just kidding, I'd have been doing a format right away ;]

The best forum!! I recommend it.

It should be OK now.