Komp caly czas wysyla e–maile
Jak w temacie komp mi caly czas wysyla maile
Logfile of HijackThis v1.97.7
Scan saved at 10:41:44, on 2005–03–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\WINDOWS\System\mssecure.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\skrzynka bogiego\skrzynka.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\komp 7\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: ICQ Toolbar – {855F3B16–6D32–4fe6–8A56–BBB695989046} – C:\Program Files\ICQToolbar\toolbaru.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: ICQ Toolbar – {855F3B16–6D32–4fe6–8A56–BBB695989046} – C:\Program Files\ICQToolbar\toolbaru.dll
O4 – HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 – HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 – HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 – HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 – HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 – HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe –minimize
O4 – HKLM\..\Run: [.mssecure] C:\WINDOWS\System\mssecure.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [skrzynka bogiego] C:\Program Files\skrzynka bogiego\skrzynka.exe
O4 – HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe –trayboot
O4 – Global Startup: ę ńń Canon LBP–810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &ICQ Toolbar Search – res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: ICQ 4 (HKLM)
O9 – Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{E08EB5F0–494F–4118–96E1–036B0ACA972D}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CCS\Services\Tcpip\..\{E8859024–869A–4966–82A6–43E62FFE39C9}: NameServer = 194.204.159.1,194.204.152.34
Logfile of HijackThis v1.97.7
Scan saved at 10:41:44, on 2005–03–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\WINDOWS\System\mssecure.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\skrzynka bogiego\skrzynka.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\komp 7\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: ICQ Toolbar – {855F3B16–6D32–4fe6–8A56–BBB695989046} – C:\Program Files\ICQToolbar\toolbaru.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: ICQ Toolbar – {855F3B16–6D32–4fe6–8A56–BBB695989046} – C:\Program Files\ICQToolbar\toolbaru.dll
O4 – HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 – HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 – HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 – HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 – HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 – HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe –minimize
O4 – HKLM\..\Run: [.mssecure] C:\WINDOWS\System\mssecure.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [skrzynka bogiego] C:\Program Files\skrzynka bogiego\skrzynka.exe
O4 – HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe –trayboot
O4 – Global Startup: ę ńń Canon LBP–810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &ICQ Toolbar Search – res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: ICQ 4 (HKLM)
O9 – Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{E08EB5F0–494F–4118–96E1–036B0ACA972D}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CCS\Services\Tcpip\..\{E8859024–869A–4966–82A6–43E62FFE39C9}: NameServer = 194.204.159.1,194.204.152.34
Odpowiedzi: 3
Chyba sie wsza na yaykach :wink: .
Nie ma za co.
Nie ma za co.
Chyba pomoglo :D
DZIEKUJE
DZIEKUJE
Powinienes sie cieszyc, bo innym nie chce w ogole :P .jot:
komp mi caly czas wysyla maile
Masz "tylko" IRC backdoor Trojana :wink:
C:\WINDOWS\System\mssecure.exe
O4 – HKLM\..\Run: [.mssecure] C:\WINDOWS\System\mssecure.exe
Strona 1 / 1