Automagic proxy change

Hi.

I have a problem I can't even put a name to :huh: - some program keeps changing my proxy to one that stops various applications from connecting to the internet. I can't locate the program, and I haven't installed anything recently either.

http://img187.imageshack.us/my.php?image=uo0070rm9.jpg

http://img167.imageshack.us/my.php?image=uo0069fi4.jpg

http://img167.imageshack.us/my.php?image=uo0066lx3.jpg

http://img187.imageshack.us/my.php?image=uo0068jg8.jpg

It's definitely not the firewall. Any suggestions?


Do you have a proxy service installed on your computer? Because in that last screenshot you can see you're routing traffic to your own machine, and if so, that means you have some proxy program running.

When you set the "no proxy server" option, does it go back to the settings shown in that screenshot?


Yes. As for the proxy program, I haven't installed anything recently, but given that five people use this computer, I'm not going to find out...

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15:37, on 2008-06-27
Platform: Windows XP Service Pack 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\scansoft\paperport\pptd40nt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.pl/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperport\pptd40nt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA2F8C04-C436-4478-BEEA-D179AFD9BA7C}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel? Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae) (pr2ajfae) - Cenega Poland - C:\WINDOWS\system32\pr2ajfae.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10244 bytes

Not really sure why I posted it xd


Delete the files and folders marked in red. If you run into problems, use KillBox with the "delete on reboot" option checked (add all the files first, then reboot). Get rid of BearShare.

C:\Program Files\AdVantage\AdVantage.exe

Entries to remove:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll

O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

To remove

O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll

use the LSPFix program. One caution: if the program shows more entries, not just this one, leave the others alone, they're fine - remove only this one.

Ghost -> From what I could find, that whole application is something along the lines of a Hotspot Shield firewall.

Oh, let me add what I just found online about this gamelink.dll:

Part of an app. called Easy2Game, an "overseas online gaming" proxy service
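An added example for the two posts above (the HijackThis log and the removal advice); it is not code from this thread, from HijackThis, LSPFix or any poster. It is a small Python triage script that reads HijackThis-style lines and flags the classes of entry discussed here: a ProxyServer value pointing at a local listener, an unknown Winsock LSP (reported once, even though the chain lists it once per protocol), BHOs and toolbars outside an allowlist, and the O17 resolvers for manual checking. The sample lines are constructed from entries quoted in the log above; the CLSID allowlist is an assumption for illustration, not an authoritative list.

```python
"""Triage of HijackThis-style log lines for proxy, LSP and browser-hook hijack
indicators. Added example for this thread, not code from HijackThis or any
poster. Sample lines are constructed from entries quoted above; the CLSID
allowlist is an assumption for illustration."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format (hand-picked from the log above).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA2F8C04-C436-4478-BEEA-D179AFD9BA7C}: NameServer = 194.204.159.1 217.98.63.164
"""

# Assumed allowlist of BHO/toolbar CLSIDs treated as benign (illustration only).
KNOWN_GOOD_CLSIDS = {
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}",  # Sun Java SSVHelper Class
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}",  # Adobe PDF Reader Link Helper
}

LINE_RE = re.compile(r"^(?P<key>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    entry: str     # HijackThis section id, e.g. "R1", "O10"
    detail: str


def parse_proxy_server(value: str) -> dict:
    """Parse a WinINET ProxyServer value into {protocol: (host, port)}.

    Two shapes occur: "host:port" (one proxy for all protocols, keyed "*")
    and "http=host:port;https=host:port;socks=host:port".
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, port_s = hostport.rsplit(":", 1)
            port = int(port_s) if port_s.isdigit() else None
        else:
            host, port = hostport, None
        proxies[(proto or "*").lower()] = (host, port)
    return proxies


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> list:
    findings, seen_lsp = [], set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, body = m.group("key"), m.group("body")
        if key == "R1" and "ProxyServer = " in body:
            value = body.split("ProxyServer = ", 1)[1]
            for proto, (host, port) in parse_proxy_server(value).items():
                if is_loopback(host):
                    findings.append(Finding("high", key,
                        f"{proto} proxy points at local listener {host}:{port}; "
                        f"identify the process bound to port {port} before clearing the value"))
                elif proto == "socks":
                    findings.append(Finding("medium", key, f"SOCKS proxy via {host}:{port}"))
        elif key == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            dll = body.split(":", 1)[1].strip().lower()
            if dll not in seen_lsp:  # the chain lists the same DLL once per protocol
                seen_lsp.add(dll)
                findings.append(Finding("high", key,
                    f"unrecognised Winsock LSP {dll}; unregister it from the catalog "
                    "(LSPFix or a Winsock reset) rather than deleting the file"))
        elif key in ("O2", "O3"):
            cm = CLSID_RE.search(body)
            clsid = cm.group(0).upper() if cm else "?"
            if clsid not in KNOWN_GOOD_CLSIDS:
                findings.append(Finding("medium", key, f"browser hook not in allowlist: {body}"))
        elif key == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split()
            findings.append(Finding("info", key,
                "resolvers set on adapter: " + ", ".join(servers)
                + " (check against the ISP's published DNS)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.detail}")
```

Two points the output is meant to drive home. A `socks=127.0.0.1:7070` value is not a remote hijack: the proxy is a process on the box itself, so the first step is to find out what owns that port (on XP, `netstat -ano` and then `tasklist`) and stop it, otherwise whatever writes the value will simply put it back after you clear it, which matches what happened in this thread. And an LSP entry has to be unregistered from the Winsock catalog; deleting `gamelink.dll` while it is still chained in is what leaves a machine with no working network at all.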

Everything was removed without a problem... I squeezed a confession out of my brother, and it turns out he installed some "anonymous IP program", but "something broke" and he uninstalled it... He doesn't remember the program's name...

Do you have any other ideas besides a format? (and isolating my younger brother from the computer?)


Yes, I rebooted. I also tried a backup, same result.

ComboFix 08-06-20.4 - Windows 2008-06-27 20:34:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.703 [GMT 2:00]
Running from: C:\Documents and Settings\Windows\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 14:24 . 2008-06-27 14:24 <DIR> d-------- C:\Program Files\jv16 PowerTools
2008-06-27 13:05 . 2008-06-27 13:05 <DIR> d-------- C:\Program Files\Maxis
2008-06-27 13:04 . 2008-06-27 14:20 555 --a------ C:\WINDOWS\eReg.dat
2008-06-27 12:51 . 2008-06-27 12:57 <DIR> d-------- C:\!KillBox
2008-06-27 08:15 . 2008-06-27 08:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 16:33 . 2008-06-26 16:33 <DIR> d-------- C:\Program Files\BearShare Applications
2008-06-26 16:33 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-06-26 15:01 . 2008-06-26 15:01 <DIR> d-------- C:\Program Files\Kolekcja Klasyki
2008-06-25 10:11 . 2008-06-25 10:11 <DIR> d-------- C:\Documents and Settings\Windows\Dane aplikacji\CoopNet
2008-06-22 10:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-21 18:35 . 2008-06-21 18:35 <DIR> d-------- C:\Program Files\14 Degrees East
2008-06-21 09:56 . 2008-06-21 09:58 <DIR> d-------- C:\Program Files\Agent Hugo - Lemoon Twist
2008-06-19 23:46 . 2008-06-19 23:46 <DIR> d-------- C:\Program Files\Valve
2008-06-19 09:46 . 2008-06-22 08:39 <DIR> d-------- C:\AeriaGames
2008-06-18 09:20 . 2008-06-18 12:46 <DIR> d-------- C:\Documents and Settings\Windows\Dane aplikacji\SPORE Creature Creator
2008-06-18 09:20 . 2008-06-18 09:20 1,096 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-18 09:18 . 2008-06-18 09:18 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-18 08:31 . 2008-06-18 08:48 <DIR> d-------- C:\Documents and Settings\Windows\Dane aplikacji\Hide IP NG
2008-06-13 09:48 . 2008-06-13 10:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-12 21:28 . 2008-06-18 21:52 <DIR> d-------- C:\Documents and Settings\Windows\Dane aplikacji\Corel
2008-06-12 21:26 . 2008-06-12 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-06-12 21:24 . 2008-06-12 21:25 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-12 21:22 . 2008-06-12 21:24 <DIR> d-------- C:\Program Files\Corel
2008-06-12 21:22 . 2008-06-18 21:53 3,764 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-12 21:22 . 2008-06-18 21:52 88 -r-hs---- C:\WINDOWS\system32\14444ECC35.sys
2008-06-12 17:08 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-12 17:08 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-12 17:08 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-12 17:08 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-12 17:08 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-12 17:08 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-12 11:37 . 2008-06-12 11:37 <DIR> d-------- C:\Program Files\XviD
2008-06-12 11:29 . 2008-06-12 17:01 <DIR> d-------- C:\Program Files\Bad Day LA
2008-06-10 12:47 . 2008-06-10 12:47 <DIR> d-------- C:\Program Files\Sol Edit
2008-06-07 23:01 . 2008-06-07 23:01 <DIR> d-------- C:\Program Files\Interplay
2008-06-07 22:41 . 2008-06-07 22:44 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-02 21:17 . 2008-06-02 21:18 <DIR> d-------- C:\Program Files\GoD
2008-06-02 21:17 . 2008-06-02 21:17 <DIR> d-------- C:\Downloaded
2008-05-29 18:09 . 2008-06-02 15:24 <DIR> d-------- C:\Program Files\Defcon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 18:33 --------- d-----w C:\Program Files\Neostrada TP
2008-06-27 17:51 --------- d-----w C:\Program Files\XP Codec Pack
2008-06-27 16:44 --------- d-----w C:\Documents and Settings\Windows\Dane aplikacji\Hamachi
2008-06-27 14:10 --------- d-----w C:\Documents and Settings\Windows\Dane aplikacji\Skype
2008-06-27 12:58 --------- d-----w C:\Program Files\BearShare
2008-06-27 12:55 --------- d-----w C:\Documents and Settings\Windows\Dane aplikacji\MegauploadToolbar
2008-06-27 12:50 --------- d-----w C:\Program Files\Conduit
2008-06-27 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 10:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 07:22 --------- d-----w C:\Documents and Settings\Windows\Dane aplikacji\skypePM
2008-06-26 12:58 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-06-26 12:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-26 12:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-22 08:06 --------- d-----w C:\Program Files\Java
2008-06-18 07:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 08:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-11 19:46 --------- d-----w C:\Program Files\sXe Injected
2008-06-10 10:46 --------- d-----w C:\Program Files\Opera
2008-06-07 20:37 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-02 13:31 --------- d-----w C:\Program Files\Odkurzacz
2008-06-02 11:14 --------- d-----w C:\Program Files\Sigma-Team
2008-05-26 12:36 --------- d-----w C:\Program Files\ESET
2008-05-26 12:36 --------- d-----w C:\Program Files\Easy CD-DA Extractor 11
2008-05-26 12:36 --------- d-----w C:\Program Files\AIDA32 - Enterprise System Information
2008-05-24 14:35 --------- d-----w C:\Program Files\ZeroOnline
2008-05-24 14:27 --------- d-----w C:\Program Files\EA GAMES
2008-05-24 14:23 --------- d-----w C:\Program Files\Dealio
2008-05-24 14:22 --------- d-----w C:\Program Files\BitComet
2008-05-24 14:22 --------- d-----w C:\Program Files\Badongo
2008-05-19 11:48 --------- d-----w C:\Program Files\Hamachi
2008-05-19 11:47 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-16 14:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 14:04 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-16 10:57 --------- d-----w C:\Program Files\YouTube Downloader 3000
2008-05-16 10:52 --------- d-----w C:\Program Files\FDRLab
2008-05-16 10:47 --------- d-----w C:\Program Files\Softick
2008-05-16 10:43 --------- d-----w C:\Program Files\Space Plasma 3D Screensaver
2008-05-15 14:49 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-05-10 17:15 --------- d-----w C:\Program Files\SHOUTcast
2008-05-10 17:03 --------- d-----w C:\Program Files\Winamp
2008-05-09 14:09 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2008-05-04 14:52 --------- d-----w C:\Program Files\1C
2008-05-03 21:50 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-03 21:09 --------- d-----w C:\Documents and Settings\Windows\Dane aplikacji\DAEMON Tools
2008-05-01 22:32 --------- d-----w C:\Program Files\kRk Software
2008-04-27 05:42 --------- d-----w C:\Documents and Settings\Windows\Dane aplikacji\MAGIX
2008-04-27 05:39 --------- d-----w C:\Program Files\MAGIX
2008-04-27 05:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MAGIX
2008-03-08 01:04 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"Steam"="c:\progra~1\valve\steam\steam.exe" [2008-06-19 23:51 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-25 16:34 949376]
"PRONoMgr.exe"="c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 11:15 86016]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 18:36 90112]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"PaperPort PTD"="c:\progra~1\scansoft\paperport\pptd40nt.exe" [2002-03-19 09:53 29184]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 21:49 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 21:48 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 21:50 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Windows\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-04-27 18:05:51 624416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-04 11:39 149040 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 14:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-04 11:59 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\NEXON\\EuropeMapleStory\\Patcher.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\NEXON\\EuropeMapleStory\\MapleStory.exe"=
"C:\\Sierra\\Half-Life\\PingTool\\PingTool.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\error_toja\\counter-strike\\hl.exe"=
"C:\\AeriaGames\\LastChaosUSA\\LC.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\14 Degrees East\\Fallout Tactics\\BOS.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9097:TCP"= 9097:TCP:BitComet 9097 TCP
"9097:UDP"= 9097:UDP:BitComet 9097 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 pe3ajfae;Anno 1503 Zlota Edycja Environment Driver (pe3ajfae);C:\WINDOWS\system32\drivers\pe3ajfae.sys [2007-02-13 18:26]
R0 ps6ajfae;Anno 1503 Zlota Edycja Synchronization Driver (ps6ajfae);C:\WINDOWS\system32\drivers\ps6ajfae.sys [2007-02-13 18:25]
S2 pr2ajfae;Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae);C:\WINDOWS\system32\pr2ajfae.exe svc []
S3 ADM8511;Konwerter z USB na Fast Ethernet ADMtek ADM8511/AN986;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 21:11]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 04:38]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 20:37:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 20:39:09
ComboFix-quarantined-files.txt 2008-06-27 18:39:03

Pre-Run: 13,012,373,504 bytes free
Post-Run: 13,475,213,312 bytes free


I'll upload the next scans to some server because the topic is getting crowded.
