Skocz do zawartości


Zdjęcie

Przestarzałe tematy dotyczące sprawdzania logów

Rozpoczęty przez warrez , 12 01 2007 23:57

  • Zamknięty Temat jest zamknięty
180 odpowiedzi w tym temacie

#161 api

api

    Obserwator

  • 5 postów

Napisano 24 07 2007 - 19:18

Hej, Ponizej log, Bardzo bym prosił o sprawdzenie i ewentualna podpowiedz, bo mam pare błedów na kompie i nie wiem co juz mam z nim zrobić. (nie moge np. za oraz przeinstalowac windowsa) :/



Logfile of HijackThis v1.99.1
Scan saved at 19:16:22, on 2007-07-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Kalendarz XP\Kalendarz.exe
F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\AVerTV\QuickTV.exe
D:\Documents and Settings\Adrian\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinDVR SchSvr] "D:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kalendarz XP] D:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Dzieki!

  • 0

#162 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 25 07 2007 - 00:13 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Fix w Hjt.

Pokaż logi z: Silent Runners + ComboFix.

  • 0

#163 api

api

    Obserwator

  • 5 postów

Napisano 25 07 2007 - 18:12

Oto Logi z Silent Runners:

"Silent Runners.vbs", revision R51, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"STYLEXP" = "D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"WMC_AutoUpdate" = "(empty string)" [file not found]
"nod32kui" = ""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"WinDVR SchSvr" = ""D:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"" ["InterVideo Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Kalendarz XP" = "D:\Program Files\Kalendarz XP\Kalendarz.exe" [empty string]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" [file not found]
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
-> {HKLM...CLSID} = "Microsoft Agent Character Property Sheet Handler"
\InProcServer32\(Default) = "D:\WINDOWS\msagent\agentpsh.dll" [file not found]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}" = "iolo Context Defrag"
-> {HKLM...CLSID} = "iolo Context Defrag"
\InProcServer32\(Default) = "D:\PROGRA~1\iolo\System Mechanic 5 Professional\CONTEXTDEFRAG.DLL" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
-> {HKLM...CLSID} = "Studio.Project"
\InProcServer32\(Default) = "f:\Pinnacle\Studio 10\programs\BlueShellExt.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
SM_ContextDefrag\(Default) = "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}"
-> {HKLM...CLSID} = "iolo Context Defrag"
\InProcServer32\(Default) = "D:\PROGRA~1\iolo\System Mechanic 5 Professional\CONTEXTDEFRAG.DLL" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SM_ContextDefrag\(Default) = "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}"
-> {HKLM...CLSID} = "iolo Context Defrag"
\InProcServer32\(Default) = "D:\PROGRA~1\iolo\System Mechanic 5 Professional\CONTEXTDEFRAG.DLL" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMBalloonTip" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoAutoTrayNotify" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoStartBanner" = (REG_BINARY) hex:01 00 00 00
{Remove "Click here to begin" from Start button}

"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

"NoThemesTab" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoColorChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Desktop tab}

"NoDispCPL" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}

"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSizeChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"RunStartupScriptSync" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

MSSQL$PINNACLESYS, MSSQL$PINNACLESYS, ""F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS" [MS]
NOD32 Kernel Service, NOD32krn, ""D:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]


---------- (launch time: 2007-07-25 18:07:47)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 56 seconds, including 11 seconds for message boxes)




i Combo fix


"Adrian" - 2007-07-25 17:44:49 - ComboFix 07-07-13.8 - Dodatek Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\jhqougln.dll
D:\WINDOWS\system32\nlguoqhj.ini
D:\WINDOWS\system32\ayyxx.bak1
D:\WINDOWS\system32\ayyxx.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\components


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-20 09:30 89,184 --a------ D:\WINDOWS\system32\drivers\imagedrv.sys
2007-07-20 09:30 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2007-07-20 09:30 <DIR> d-------- D:\Program Files\Common Files\Ahead
2007-07-20 09:30 <DIR> d-------- D:\Program Files\Ahead
2007-07-19 23:49 <DIR> d-------- D:\DOCUME~1\Adrian\DANEAP~1\Apple Computer
2007-07-19 09:07 <DIR> d-------- D:\Program Files\Common Files\TV
2007-07-19 09:07 <DIR> d-------- D:\Program Files\AVerTV
2007-07-19 08:32 33,340 --a------ D:\WINDOWS\system32\dbmsqlgc.dll
2007-07-19 08:32 24,576 --a------ D:\WINDOWS\system32\dbmsgnet.dll
2007-07-19 08:31 <DIR> d-------- D:\Program Files\Microsoft SQL Server
2007-07-19 08:30 765,952 --------- D:\WINDOWS\system32\msvcp71d.dll
2007-07-19 08:30 544,768 --------- D:\WINDOWS\system32\msvcr71d.dll
2007-07-19 08:30 <DIR> d-------- D:\WINDOWS\Cache
2007-07-19 08:20 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-07-19 08:18 171,008 --a------ D:\WINDOWS\system32\drivers\MarvinBus.sys
2007-07-19 08:17 65,536 --a------ D:\WINDOWS\system32\MFC71DEU.DLL
2007-07-19 08:17 61,440 --a------ D:\WINDOWS\system32\MFC71ITA.DLL
2007-07-19 08:17 61,440 --a------ D:\WINDOWS\system32\MFC71FRA.DLL
2007-07-19 08:17 61,440 --a------ D:\WINDOWS\system32\MFC71ESP.DLL
2007-07-19 08:17 57,344 --a------ D:\WINDOWS\system32\MFC71ENU.DLL
2007-07-19 08:17 49,152 --a------ D:\WINDOWS\system32\MFC71KOR.DLL
2007-07-19 08:17 49,152 --a------ D:\WINDOWS\system32\MFC71JPN.DLL
2007-07-19 08:17 45,056 --a------ D:\WINDOWS\system32\MFC71CHT.DLL
2007-07-19 08:17 40,960 --a------ D:\WINDOWS\system32\MFC71CHS.DLL
2007-07-19 08:17 <DIR> d-------- D:\WINDOWS\Downloaded Installations
2007-07-19 08:14 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle Studio
2007-07-19 08:14 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle
2007-07-19 08:13 14,165 --a------ D:\WINDOWS\system32\drivers\Pclepci.sys
2007-07-19 08:13 <DIR> d-------- D:\Program Files\Pinnacle
2007-07-18 22:46 <DIR> d-------- D:\DOCUME~1\Adrian\DANEAP~1\GetRightToGo
2007-07-18 00:33 <DIR> d-------- D:\Video
2007-07-18 00:32 286,720 --a------ D:\WINDOWS\iun506.exe
2007-07-18 00:31 <DIR> d-------- D:\Program Files\Home Media Networks Limited
2007-07-18 00:28 <DIR> d-------- D:\Program Files\JTV
2007-07-17 23:19 9,312 -ra------ D:\WINDOWS\system32\drivers\cx88xbar.sys
2007-07-17 23:19 45,056 -ra------ D:\WINDOWS\system32\IOCtl880.dll
2007-07-17 23:19 32,032 -ra------ D:\WINDOWS\system32\drivers\cx88tune.sys
2007-07-17 23:18 270,336 -ra------ D:\WINDOWS\system32\drivers\cx88vid.sys
2007-07-17 22:59 <DIR> d-------- D:\Program Files\Realtek AC97
2007-07-17 22:27 <DIR> d-------- D:\WINDOWS\setup.pss
2007-07-17 22:26 <DIR> d-------- D:\WINDOWS\setupupd
2007-07-17 21:59 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-17 09:32 49,152 --a------ D:\WINDOWS\system32\ChCfg.exe
2007-07-17 09:31 315,392 --a------ D:\WINDOWS\alcupd.exe
2007-07-17 00:55 9,856 --------- D:\WINDOWS\system32\drivers\pfc.sys
2007-07-17 00:55 204,800 --a------ D:\WINDOWS\system32\IVIresizeW7.dll
2007-07-17 00:55 200,704 --a------ D:\WINDOWS\system32\IVIresizeA6.dll
2007-07-17 00:55 20,480 --a------ D:\WINDOWS\system32\IVIresize.dll
2007-07-17 00:55 192,512 --a------ D:\WINDOWS\system32\IVIresizeP6.dll
2007-07-17 00:55 192,512 --a------ D:\WINDOWS\system32\IVIresizeM6.dll
2007-07-17 00:55 188,416 --a------ D:\WINDOWS\system32\IVIresizePX.dll
2007-07-16 23:18 <DIR> d-------- D:\Program Files\SkanerOnline
2007-07-16 21:54 <DIR> d-------- D:\Program Files\Real Alternative
2007-07-16 21:54 <DIR> d-------- D:\Program Files\Media Player Classic
2007-07-16 21:54 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-07-16 21:54 <DIR> d-------- D:\DOCUME~1\Adrian\DANEAP~1\Real
2007-07-16 21:16 <DIR> d-------- D:\WINDOWS\CSC
2007-07-15 23:35 2,494,464 --a------ D:\WINDOWS\system32\AdvrCntr2.dll
2007-07-15 23:35 2,494,464 --a------ D:\WINDOWS\system\AdvrCntr2.dll
2007-07-14 20:46 <DIR> d-------- D:\Program Files\XviD
2007-07-14 20:45 <DIR> d-------- D:\Program Files\ffdshow
2007-07-14 19:08 1,376 --a------ D:\WINDOWS\system32\wind13p.sys
2007-07-14 19:04 <DIR> d-------- D:\Program Files\ChrisTV
2007-07-14 18:51 19,840 --a------ D:\WINDOWS\system32\drivers\PhilTune.sys
2007-07-14 18:25 420,240 --a------ D:\WINDOWS\system32\mpg4c32.dll
2007-07-14 18:23 <DIR> d-------- D:\Program Files\WinFast
2007-07-14 18:22 <DIR> d-------- D:\WinFast WorkArea
2007-07-14 17:33 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\InterVideo
2007-07-14 17:32 <DIR> d-------- D:\Program Files\InterVideo
2007-07-14 17:32 <DIR> d-------- D:\Program Files\Common Files\InterVideo
2007-07-14 16:12 73,728 --a------ D:\WINDOWS\system32\VbiCallback.dll
2007-07-14 16:05 54,784 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2007-07-13 00:47 144,896 --a------ D:\WINDOWS\system32\schannel.dll
2007-07-13 00:33 502,368 --a------ D:\WINDOWS\system32\drivers\amon.sys
2007-07-13 00:33 274,432 --a------ D:\WINDOWS\system32\imon.dll
2007-07-12 23:22 86,016 --a------ D:\WINDOWS\system32\install.dll
2007-07-12 23:22 45,056 --a------ D:\WINDOWS\system32\DEDriverDLL.dll
2007-07-12 23:22 397,312 --a------ D:\WINDOWS\system32\RaConfig.exe
2007-07-12 23:22 36,864 --a------ D:\WINDOWS\system32\WRLSetup.exe
2007-07-12 23:22 32,768 --a------ D:\WINDOWS\system32\SmartInstallCfg2.dll
2007-07-12 23:22 28,672 --a------ D:\WINDOWS\system32\CCS24.exe
2007-07-12 21:42 0 -rahs---- D:\MSDOS.SYS
2007-07-12 21:42 0 -rahs---- D:\IO.SYS
2007-07-12 21:42 0 --a------ D:\CONFIG.SYS
2007-07-12 21:42 0 --a------ D:\AUTOEXEC.BAT
2007-07-10 22:05 18,944 --a------ D:\WINDOWS\system32\simptcp.dll
2007-07-10 21:22 62,848 --a------ D:\WINDOWS\system32\drivers\RT2400.sys
2007-06-28 23:34 <DIR> d-------- D:\WINDOWS\srchasst
2007-06-28 23:34 <DIR> d-------- D:\WINDOWS\peernet
2007-06-28 23:34 <DIR> d-------- D:\WINDOWS\msagent


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 15:45:37 -------- d-----w D:\Program Files\Kalendarz XP
2007-07-25 15:39:45 87,846 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-07-25 15:39:45 477,964 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-07-24 17:37:26 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-07-19 06:21:14 -------- d-----w D:\Program Files\QuickTime
2007-07-17 20:13:47 -------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-07-16 21:50:59 -------- d-----w D:\Program Files\CyberLink
2007-07-15 21:11:53 -------- d-----w D:\DOCUME~1\Adrian\DANEAP~1\TransRender
2007-07-15 21:11:14 -------- d-----w D:\DOCUME~1\Adrian\DANEAP~1\Temporary
2007-07-15 21:10:23 -------- d-----w D:\DOCUME~1\Adrian\DANEAP~1\Samsung
2007-07-15 21:00:45 -------- d-----w D:\Program Files\Samsung
2007-07-14 07:34:33 -------- d-----w D:\Program Files\Opera
2007-07-13 21:39:38 -------- d-----w D:\Program Files\Last.fm
2007-07-11 21:40:24 -------- d-----w D:\Program Files\Windows NT
2007-06-28 20:06:47 -------- d-----w D:\Program Files\Winamp
2007-06-26 21:18:48 -------- d-----w D:\Program Files\Shareaza
2007-06-23 08:31:23 964,797 --sh--w D:\WINDOWS\system32\fhjjl.bak1
2007-06-22 15:54:53 910,917 --sh--w D:\WINDOWS\system32\ddggh.ini2
2007-06-22 09:55:00 911,612 --sh--w D:\WINDOWS\system32\ddggh.bak1
2007-06-22 09:54:56 911,170 --sh--w D:\WINDOWS\system32\ddggh.bak2
2007-06-20 23:20:55 -------- d-----w D:\DOCUME~1\Adrian\DANEAP~1\Skype
2007-06-13 20:45:07 -------- d-----w D:\Program Files\Gadu-Gadu
2007-05-31 21:30:24 -------- d-----w D:\DOCUME~1\Adrian\DANEAP~1\ConvertTemp
2007-04-25 15:04:46 108,144 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2006-09-26 18:29:19 14 --sh--w D:\WINDOWS\mswtpdxp.dll
2006-09-26 18:29:38 21 --sh--w D:\WINDOWS\prwttrxp.dll
2006-10-15 20:39:45 88 --sh--r D:\WINDOWS\system32\33F97ACC58.sys
2006-09-26 18:29:19 21 --sh--w D:\WINDOWS\system32\dpwttaxp.dll
2006-10-15 20:39:51 3,766 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2006-09-26 18:29:19 14 --sh--w D:\WINDOWS\system32\mswtpaxp.dll
2006-09-26 18:29:09 2 --sh--w D:\WINDOWS\system32\verwttxp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-03-29 16:31 394816 --a------ D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 D:\WINDOWS\system32\nvmctray.dll]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"WMC_AutoUpdate"="" []
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-07-13 00:33]
"WinDVR SchSvr"="D:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-17 00:03]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 D:\WINDOWS\soundman.exe]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-07-19 08:21]
"Kalendarz XP"="D:\Program Files\Kalendarz XP\Kalendarz.exe" [2007-02-11 00:10]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="D:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d222be0-f326-11db-8d19-806d6172696f}]
AutoRun\command- I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d7daa80-064b-11dc-af6e-001617433dc3}]
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- K:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf36dcf6-1114-11db-b338-00304f25d8fe}]
AutoRun\command- J:\AutoPlay.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 17:51:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 17:53:04 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-07-25 17:52

--- E O F ---
  • 0

#164 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 31 07 2007 - 11:57

Pobierz narzędzie The Avenger.

Uruchom program w Trybie Awaryjnym i zaznacz opcję Input script manually. Następnie kliknij w "lupkę" po prawej stronie okna programu, a w okienku które Ci się otworzy wklej taki tekst:

Files to delete:

D:\WINDOWS\system32\mswtpaxp.dll
D:\WINDOWS\system32\verwttxp.dll
D:\WINDOWS\system32\dpwttaxp.dll
D:\WINDOWS\mswtpdxp.dll
D:\WINDOWS\prwttrxp.dll
D:\WINDOWS\system32\fhjjl.bak1
D:\WINDOWS\system32\ddggh.ini2
D:\WINDOWS\system32\ddggh.bak1
D:\WINDOWS\system32\ddggh.bak2

Kliknij klawisz Done, a następnie 'zielone światełko'. Na komunikat który się wyświetli odpowiadasz OK.

W Trybie Awaryjnym - Użyj VundoFix + FixVundo + VirtumundoBeGone.

Pokaż nowego loga z ComboFix + Raporty z tych 3 narzędzi.
  • 0

#165 AYANAMI

AYANAMI

    Początkujący

  • 16 postów

Napisano 13 08 2007 - 16:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:52, on 2007-08-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
C:\Gadu-Gadu\gg.exe
D:\Angielski\ldsw.exe
D:\Documents and Settings\Łukasz\Pulpit\HiJackThis.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D4F30CA-DB6F-420A-96F5-34B1E20DAF13}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe

--
End of file - 1264 bytes



z góry dziękuję :rolleyes:
  • 0

#166 Aman

Aman

    Windows 98/XP/Vista/Ubuntu

  • 955 postów

Napisano 14 08 2007 - 13:18

Straszenie krótki masz ten log, że nie ma co sprawdzać :rolleyes: Wszystko jest OK.
  • 0

#167 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 14 08 2007 - 23:30

Pokaż log z Silent Runners.
  • 0

#168 AYANAMI

AYANAMI

    Początkujący

  • 16 postów

Napisano 15 08 2007 - 19:19

Straszenie krótki masz ten log, że nie ma co sprawdzać :sciana: Wszystko jest OK.

krótki bo mój kolega po zrobieniu go zaznaczył wszystko i kliknął w fix checked



"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "d:\program files\google\googletoolbar1.dll" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
NOD32 Kernel Service, NOD32krn, ""D:\Program Files\Eset\nod32krn.exe"" ["Eset "]


---------- (launch time: 2007-08-15 19:17:40)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 47 seconds.
---------- (total run time: 181 seconds)


  • 0

#169 yourqxxl

yourqxxl

    Nowy

  • 2 postów

Napisano 15 08 2007 - 22:31

Od jakiegoś czasu zauważyłem że komp mi strasznie muli, nie znam się i nic nie widzę patrząc w logi
Bardzo bym prosił żeby ktoś to przejrzał i może wskazał ewentualne przyczyny "mulenia"

Log z HiJack

Logfile of HijackThis v1.99.1
Scan saved at 22:06:34, on 2007-08-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesDAEMON Toolsdaemon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilescFosSpeedcFosSpeed.exe
C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
C:Program FilesJavajre1.6.0_02binjusched.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe
C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
C:PROGRA~1CACHEM~1CachemanXP.exe
C:Program FilescFosSpeedspd.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
C:Program FilesNetLimiter 2 Pronlsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesRaxcoPerfectDiskPDAgent.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesRaxcoPerfectDiskPDEngine.exe
C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
E:TEMPRar$EX00.671hijackthisHijackThis.exe
C:Program FilesMozilla Firefoxfirefox.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = I co się lipisz ?????
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O1 - Hosts: 89.149.200.219 l2authd.lineage2.com
O1 - Hosts: 89.149.200.219 l2testauthd.lineage2.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:Program FilesDAPdapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [cFosSpeed] C:Program FilescFosSpeedcFosSpeed.exe
O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_02binjusched.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [AQQ] C:PROGRA~1WapSterAQQAQQ.exe
O4 - HKCU..Run: [VoipDiscount] "C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe" -nosplash -minimized
O4 - Startup: Cashfiesta.lnk = C:Program FilesCashfiestaFiestaBarCashfiesta.exe
O4 - Startup: Eurobarre.lnk = C:Program FilesEurobarreeb.exe
O8 - Extra context menu item: &Clean Traces - C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:Program FilesDAPdapextie.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:Program FilesKaspersky LabKaspersky Internet Security 7.0ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:Program FilesDAPdapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: c:progra~1kasper~1kasper~2.0adialhk.dll, NVDESK32.DLL
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe" -r (file missing)
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:PROGRA~1CACHEM~1CachemanXP.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:Program FilescFosSpeedspd.exe" -service (file missing)
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:Program FilesioloCommonLibioloDMVSvc.exe (file missing)
O23 - Service: MySql - Unknown owner - c:usr/MYSQL/bin/mysqld.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:Program FilesNetLimiter 2 Pronlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:Program FilesRaxcoPerfectDiskPDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:Program FilesRaxcoPerfectDiskPDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:Program FilesRaxcoPerfectDiskPDExchange.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: VCam_Serv - Unknown owner - C:Program FilesVideo Cam ServerVCamServer.exe

Log z Silent Runners

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]
"AQQ" = "C:PROGRA~1WapSterAQQAQQ.exe" [file not found]
"VoipDiscount" = ""C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe" -nosplash -minimized" ["VoipDiscount"]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"DAEMON Tools" = ""C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033" ["DT Soft Ltd."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"cFosSpeed" = "C:Program FilescFosSpeedcFosSpeed.exe" ["cFos Software GmbH"]
"AVP" = ""C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe"" ["Kaspersky Lab"]
"SunJavaUpdateSched" = ""C:Program FilesJavajre1.6.0_02binjusched.exe"" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}(Default) = (no title provided)
-> {HKLM...CLSID} = "DAPHelper Class"
InProcServer32(Default) = "C:Program FilesDAPdapbho.dll" ["Speedbit Ltd."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_02binssv.dll" ["Sun Microsystems, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
InProcServer32(Default) = "C:WINDOWSsystem32browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
InProcServer32(Default) = "C:WINDOWSsystem32shdocvw.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
-> {HKLM...CLSID} = "QCopy"
InProcServer32(Default) = "dropcpyr.dll" [null data]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
InProcServer32(Default) = "C:Program FilesCombined Community Codec PackFiltersHaalimmfinfo.dll" [null data]
"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"
-> {HKLM...CLSID} = "Haali Matroska Shell Property Page"
InProcServer32(Default) = "C:Program FilesCombined Community Codec PackFiltersHaalimmfinfo.dll" [null data]
"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Exctractor"
-> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"
InProcServer32(Default) = "C:Program FilesCombined Community Codec PackFiltersHaalimmfinfo.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
InProcServer32(Default) = "C:PROGRA~1MICROS~1OFFICE11MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
InProcServer32(Default) = "C:PROGRA~1MICROS~1OFFICE11OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
-> {HKLM...CLSID} = "AcSignIcon"
InProcServer32(Default) = "C:WINDOWSsystem32AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
InProcServer32(Default) = "C:Program FilesCommon FilesAutodesk SharedThumbnailAcThumbnail16.dll" ["Autodesk"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
InProcServer32(Default) = "C:Program FilesUnlockerUnlockerCOM.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll" ["Kaspersky Lab"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
InProcServer32(Default) = "C:WINDOWSsystem32uxtuneup.dll" ["TuneUp Software GmbH"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
InProcServer32(Default) = "C:PROGRA~1TUNEUP~1SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
InProcServer32(Default) = "C:PROGRA~1WapSterAQQSystemAQQSHE~1.DLL" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
<<!>> "AppInit_DLLs" = "c:progra~1kasper~1kasper~2.0adialhk.dll, NVDESK32.DLL" [file not found]

HKLMSystemCurrentControlSetControlSession Manager
<<!>> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"|"OODBS" [file not found]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> klogonDLLName = "C:WINDOWSsystem32klogon.dll" ["Kaspersky Lab"]

HKLMSoftwareClassesPROTOCOLSFilter
<<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS]

HKLMSoftwareClassesFoldershellexColumnHandlers
{0561EC90-CE54-4f0c-9C55-E226110A740C}(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
InProcServer32(Default) = "C:Program FilesCombined Community Codec PackFiltersHaalimmfinfo.dll" [null data]

HKLMSoftwareClasses*shellexContextMenuHandlers
AQQFileTransfer(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
InProcServer32(Default) = "C:PROGRA~1WapSterAQQSystemAQQSHE~1.DLL" [file not found]
DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Internet Security 7.0ShellEx.dll" ["Kaspersky Lab"]
TuneUp Shredder Shell Extension(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
InProcServer32(Default) = "C:PROGRA~1TUNEUP~1SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
TuneUp Shredder Shell Extension(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
InProcServer32(Default) = "C:PROGRA~1TUNEUP~1SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
FineReader8(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
InProcServer32(Default) = "C:Program FilesABBYY FineReader 8.0 Professional EditionFECMenu.dll" ["ABBYY Software"]
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Internet Security 7.0ShellEx.dll" ["Kaspersky Lab"]
UnlockerShellExtension(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
InProcServer32(Default) = "C:Program FilesUnlockerUnlockerCOM.dll" [null data]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesAllFilesystemObjectsshellexContextMenuHandlers
UnlockerShellExtension(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
InProcServer32(Default) = "C:Program FilesUnlockerUnlockerCOM.dll" [null data]


Default executables:
--------------------

HKCUSoftwareClasses.scr(Default) = "AutoCADScriptFile"
<<!>> HKCUSoftwareClassesAutoCADScriptFileshellopencommand(Default) = ""C:WINDOWSsystem32NOTEPAD.EXE" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"NoSMHelp" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoWindowsUpdate" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove links and access to Windows Update}

"NoResolveTrack" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo " = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSMMyDocs" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Documents menu from Start Menu}

"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictions

"NoSearchBox" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableStatusMessages" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"VerboseStatus" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsAdministratorUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:Documents and SettingsAdministratorMenu StartProgramyAutostart
"Cashfiesta" -> shortcut to: "C:Program FilesCashfiestaFiestaBarCashfiesta.exe /autorun" ["Cashfiesta.com"]
"Eurobarre" -> shortcut to: "C:Program FilesEurobarreeb.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:Program FilesTuneUp Utilities 2007SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Ca
alog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Cat
log_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 12
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki dla ochrony WWW"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll" ["Kaspersky Lab"]

HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_02binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_02binnpjpi160_02.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki dla ochrony WWW"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}
"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLMSoftwareMicrosoftInternet ExplorerAboutURLs
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]


HOSTS file
----------

C:WINDOWSSystem32driversetcHOSTS

maps: 2 domain names to IP addresses,
2 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

CachemanXP, CachemanXPService, "C:PROGRA~1CACHEM~1CachemanXP.exe" ["Outertech"]
cFosSpeed System Service, cFosSpeedS, ""C:Program FilescFosSpeedspd.exe" -service" ["cFos Software GmbH"]
Kaspersky Internet Security 7.0, AVP, ""C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe"" [MS]
NetLimiter, nlsvc, ""C:Program FilesNetLimiter 2 Pronlsvc.exe"" ["Locktime Software"]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
PDAgent, PDAgent, ""C:Program FilesRaxcoPerfectDiskPDAgent.exe"" ["Raxco Software, Inc."]
PDEngine, PDEngine, ""C:Program FilesRaxcoPerfectDiskPDEngine.exe"" ["Raxco Software, Inc."]
Pml Driver HPZ12, Pml Driver HPZ12, "C:WINDOWSsystem32HPZipm12.exe" ["HP"]
TuneUp Design Expansion, UxTuneUp, "C:WINDOWSSystem32svchost.exe -k netsvcs" {"C:WINDOWSSystem32uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
BJ Language MonitorDriver = "cnbjmon.dll" [file not found]
LIDIL hpzll054Driver = "hpzll054.dll" ["Hewlett-Packard Company"]
Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS]
PJL Language MonitorDriver = "pjlmon.dll" [file not found]


---------- (launch time: 2007-08-15 22:24:03)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 84 seconds.
---------- (total run time: 156 seconds)

Log z Combofix

ComboFix 07-08-14.4 - "Administrator" 2007-08-15 22:31:03.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.562 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))


2007-08-15 22:28 51,200 --a------ C:WINDOWSnircmd.exe
2007-08-15 18:29 434,688 --a------ C:WINDOWSsystem32ss2uinst.exe
2007-08-15 18:29 <DIR> d-------- C:Program FilesVideo Cam Server
2007-08-14 19:25 <DIR> d-------- C:Program FilesWapSter
2007-08-14 19:25 <DIR> d-------- C:DOCUME~1ADMINI~1WapSter
2007-08-14 08:32 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1nView_Profiles
2007-08-14 08:29 <DIR> d-------- C:Program FilesGeForceTweakUtility
2007-08-14 08:22 851,968 --a------ C:WINDOWSsystem32nvdspsch.exe
2007-08-14 08:22 782,336 --a------ C:WINDOWSsystem32nwiz.exe
2007-08-14 08:22 454,656 --a------ C:WINDOWSsystem32nvshell.dll
2007-08-14 08:22 401,408 --a------ C:WINDOWSsystem32nvappbar.exe
2007-08-14 08:22 315,392 --a------ C:WINDOWSsystem32keystone.exe
2007-08-14 08:22 1,335,296 --a------ C:WINDOWSsystem32nview.dll
2007-08-14 08:22 1,019,904 --a------ C:WINDOWSsystem32nvwimg.dll
2007-08-14 08:22 <DIR> d-------- C:WINDOWSnview
2007-08-14 08:18 208,896 --a------ C:WINDOWSsystem32nvusmb.exe
2007-08-14 08:18 208,896 --a------ C:WINDOWSsystem32nvumctl.exe
2007-08-14 08:18 208,896 --a------ C:WINDOWSsystem32nvugart.exe
2007-08-14 08:17 35,840 --a------ C:WINDOWSsystem32NVCOI.DLL
2007-08-14 08:17 32,256 --a------ C:WINDOWSsystem32NVCOG.DLL
2007-08-14 08:17 21,760 --a------ C:WINDOWSsystem32driversnv_agp.SYS
2007-08-14 08:17 <DIR> d-------- C:Nvidia
2007-08-14 08:03 <DIR> d-------- C:Program FilesPlanet NVIDIA
2007-08-13 16:28 664 --a------ C:WINDOWSsystem32d3d9caps.dat
2007-08-13 16:17 <DIR> d-------- C:Program FilesNVTweak
2007-08-13 16:16 <DIR> d-------- C:Program FilesaTuner
2007-08-13 16:04 46,080 --a------ C:WINDOWSsystem32nvmctray.dll
2007-08-13 16:04 4,874,240 --a------ C:WINDOWSsystem32nvoglnt.dll
2007-08-13 16:04 4,820,992 --a------ C:WINDOWSsystem32nvcpl.dll
2007-08-13 16:04 4,274,560 --a------ C:WINDOWSsystem32nv4_disp.dll
2007-08-13 16:04 36,864 --a------ C:WINDOWSsystem32nvwddi.dll
2007-08-13 16:04 32,256 --a------ C:WINDOWSsystem32nvcodins.dll
2007-08-13 16:04 32,256 --a------ C:WINDOWSsystem32nvcod.dll
2007-08-13 16:04 241,664 --a------ C:WINDOWSsystem32nvnt4cpl.dll
2007-08-13 16:04 131,072 --a------ C:WINDOWSsystem32nvinstnt.dll
2007-08-13 16:04 110,659 --a------ C:WINDOWSsystem32nvsvc32.exe
2007-08-13 16:04 1,895,648 --a------ C:WINDOWSsystem32driversnv4_mini.sys
2007-08-13 16:04 1,617,920 --a------ C:WINDOWSsystem32nvwdmcpl.dll
2007-08-13 16:02 <DIR> d-------- C:Program FilesDriver Cleaner Pro
2007-08-12 15:31 2,323,200 --a------ C:WINDOWSsystem32TUKernel.exe
2007-08-12 15:17 24,072 --a------ C:WINDOWSsystem32uxtuneup.dll
2007-08-12 14:55 <DIR> d-------- C:Program FilesCell Phone Manager
2007-08-11 18:20 <DIR> d-------- C:Program FilesAntenna
2007-08-11 16:58 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1Cashfiesta
2007-08-11 16:57 <DIR> d-------- C:Program FilesCashfiesta
2007-08-11 07:27 <DIR> d-------- C:Program FilesNvu
2007-08-11 07:27 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1Nvu
2007-08-03 17:45 722,192 --a------ C:WINDOWSsystem32VB40032.DLL
2007-08-03 17:45 60,416 --a------ C:WINDOWSST4UNST.EXE
2007-08-02 22:27 82,258 --a------ C:WINDOWSsystem32driversklin.dat
2007-08-02 22:27 82,258 --a------ C:WINDOWSsystem32driversklick.dat
2007-08-02 22:27 292,128 --ahs---- C:WINDOWSsystem32driversfidbox.dat
2007-08-02 22:27 20,256 --ahs---- C:WINDOWSsystem32driversfidbox2.dat
2007-08-01 01:15 <DIR> d-------- C:Program FilesHero Editor
2007-07-31 07:45 43,520 --a------ C:WINDOWSsystem32CmdLineExt03.dll
2007-07-31 07:25 29,685 --a------ C:WINDOWSDIIUnin.dat
2007-07-31 07:25 2,829 --a------ C:WINDOWSDIIUnin.pif
2007-07-31 07:25 106,496 --a------ C:WINDOWSDIIUnin.exe
2007-07-30 09:21 307,200 --a------ C:WINDOWSIsUn0415.exe
2007-07-29 20:00 <DIR> d-------- C:Program FilesGene6 FTP Server
2007-07-29 18:47 13,824 --a------ C:WINDOWS_g6uninst.exe
2007-07-29 18:47 <DIR> d-------- C:Program FilesG6 FTP Server
2007-07-29 18:36 15,872 --a------ C:WINDOWSsystem32driversvd_filedisk.sys
2007-07-29 18:36 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1HEXelon
2007-07-29 18:34 <DIR> d-------- C:Program FilesTC UP
2007-07-29 18:15 <DIR> d-------- C:Program FilesBPFTP Server
2007-07-29 17:51 <DIR> d-------- C:usr
2007-07-29 17:07 <DIR> d-------- C:Program FilesCesarFTP
2007-07-27 16:55 81,768 --a------ C:WINDOWSsystem32xinput1_3.dll
2007-07-27 16:55 62,744 --a------ C:WINDOWSsystem32xinput1_2.dll
2007-07-27 16:55 443,752 --a------ C:WINDOWSsystem32d3dx10_34.dll
2007-07-27 16:55 443,752 --a------ C:WINDOWSsystem32d3dx10_33.dll
2007-07-27 16:55 3,497,832 --a------ C:WINDOWSsystem32d3dx9_34.dll
2007-07-27 16:55 3,495,784 --a------ C:WINDOWSsystem32d3dx9_33.dll
2007-07-27 16:55 3,426,072 --a------ C:WINDOWSsystem32d3dx9_32.dll
2007-07-27 16:55 266,088 --a------ C:WINDOWSsystem32xactengine2_8.dll
2007-07-27 16:55 261,480 --a------ C:WINDOWSsystem32xactengine2_7.dll
2007-07-27 16:55 255,848 --a------ C:WINDOWSsystem32xactengine2_6.dll
2007-07-27 16:55 251,672 --a------ C:WINDOWSsystem32xactengine2_5.dll
2007-07-27 16:55 237,848 --a------ C:WINDOWSsystem32xactengine2_4.dll
2007-07-27 16:55 236,824 --a------ C:WINDOWSsystem32xactengine2_3.dll
2007-07-27 16:55 2,414,360 --a------ C:WINDOWSsystem32d3dx9_31.dll
2007-07-27 16:55 2,297,552 --a------ C:WINDOWSsystem32d3dx9_26.dll
2007-07-27 16:55 18,280 --a------ C:WINDOWSsystem32x3daudio1_2.dll
2007-07-27 16:55 15,128 --a------ C:WINDOWSsystem32x3daudio1_1.dll
2007-07-27 16:55 1,124,720 --a------ C:WINDOWSsystem32D3DCompiler_34.dll
2007-07-27 16:55 1,123,696 --a------ C:WINDOWSsystem32D3DCompiler_33.dll
2007-07-27 13:56 <DIR> d-------- C:Program FilesTransDeu3
2007-07-26 21:56 <DIR> d-------- C:Program FilesCommon FilesAnimeVamp
2007-07-26 11:47 <DIR> d-------- C:Program FilesGoldBarre
2007-07-24 01:57 <DIR> d-------- C:Program FilesTlen.pl
2007-07-24 01:57 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1Tlen.pl
2007-07-23 21:47 <DIR> d-------- C:Program Filesivo
2007-07-21 09:08 0 --a------ C:WINDOWSsystem32dummy.dat
2007-07-21 09:08 <DIR> d-------- C:Program FilesAGLOCO Viewbar
2007-07-20 16:26 <DIR> d-------- C:Program FilesInternet Player
2007-07-18 10:43 256 --a------ C:WINDOWSsystem32CablexDSL.dat
2007-07-18 10:43 <DIR> d-------- C:Program FilesCable & ADSL Optimizer
2007-07-17 23:11 83,968 --a------ C:WINDOWSsystem32Skbase40.dll
2007-07-17 23:11 8,704 --a------ C:WINDOWSsystem32vidccleaner.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 21:57 4964 --ahs---- C:WINDOWSsystem32driversfidbox.idx
2007-08-15 21:57 2948 --ahs---- C:WINDOWSsystem32driversfidbox2.idx
2007-08-01 01:16 73216 --a------ C:WINDOWSST6UNST.EXE
2007-08-01 01:16 249856 --------- C:WINDOWSSetup1.exe
2007-07-30 08:58 359808 --a------ C:WINDOWSsystem32driverstcpip.sys
2007-07-30 08:58 359808 --a------ C:WINDOWSsystem32dllcachetcpip.sys
2007-07-27 13:55 163644 --a------ C:WINDOWSsystem32driverssecdrv.sys
2007-07-07 23:27 --------- d-------- C:Program FilesSubEdit-Player
2007-07-06 20:02 234 --a------ C:WINDOWSsystem32vorbisenc.dll
2007-07-06 20:02 234 --a------ C:WINDOWSsystem32vorbis.dll
2007-07-06 20:02 234 --a------ C:WINDOWSsystem32OggDS.dll
2007-07-06 20:02 234 --a------ C:WINDOWSsystem32ogg.dll
2007-07-06 02:05 --------- d-------- C:Program FilesAV Vcs 5.5 DIAMOND
2007-06-29 10:21 --------- d-------- C:Program FilescFosSpeed
2007-06-28 12:51 206088 --a------ C:WINDOWSsystem32klogon.dll
2007-06-28 12:50 22457 --a------ C:WINDOWSsystem32driversklop.dat
2007-06-27 16:56 --------- d-------- C:Program FilesVS Online
2007-06-24 02:12 --------- d-------- C:Program FilesSerials 2005
2007-06-22 23:32 --------- d-------- C:Program FilesSoftBusters
2007-05-31 11:35 6656 --a------ C:WINDOWSsystem32haspvdd.dll
2007-05-31 11:35 383 --a------ C:WINDOWSsystem32haspdos.sys
2007-05-29 12:43 967 --a------ C:WINDOWSScUnin.pif
2007-05-29 12:43 70656 --a------ C:WINDOWSScUnin.exe
2007-05-24 19:24 10298 --a------ C:WINDOWSservdll
2007-05-24 07:40 227856 --a------ C:WINDOWSsystem32PDBoot.exe
2007-05-22 21:14 720896 --a------ C:WINDOWSiun6002.exe
2007-05-16 17:19 85504 --------- C:WINDOWSsystem32dllcachewabimp.dll
2007-05-16 17:19 510976 --------- C:WINDOWSsystem32dllcachewab32.dll
2007-05-16 17:19 1314816 --------- C:WINDOWSsystem32dllcachemsoe.dll
2007-05-16 17:18 86528 --------- C:WINDOWSsystem32dllcachedirectdb.dll
2007-05-16 17:18 683520 --a------ C:WINDOWSsystem32inetcomm.dll
2007-05-16 17:18 683520 --------- C:WINDOWSsystem32dllcacheinetcomm.dll
2007-04-03 13:12 27819 --a------ C:Program FilesINSTALL.LOG
2004-09-28 03:00 26240 --a------ C:WINDOWSinfRAMDSK.SYS


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"DAEMON Tools"="C:Program FilesDAEMON Toolsdaemon.exe" [2007-04-04 00:29]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:WINDOWSsoundman.exe]
"cFosSpeed"="C:Program FilescFosSpeedcFosSpeed.exe" [2007-03-15 18:59]
"AVP"="C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe" [2007-06-28 12:51]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_02binjusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [2004-04-04 13:30]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="C:WINDOWSsystem32NvMcTray.dll" [2004-03-24 10:04]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-07-18 17:31]
"AQQ"="C:PROGRA~1WapSterAQQAQQ.exe" []
"VoipDiscount"="C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe" [2007-05-31 16:22]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrunonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%System32syssetub.dll" "%SystemRoot%System32syssetup.dll"

C:Documents and SettingsAdministratorMenu StartProgramyAutostart
Cashfiesta.lnk - C:Program FilesCashfiestaFiestaBarCashfiesta.exe [2007-06-01 22:07:56]
Eurobarre.lnk - C:Program FilesEurobarreeb.exe [2007-07-15 10:51:08]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableStatusMessages"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMHelp"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMMyDocs"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer

"NoSMHelp"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMMyDocs"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"appinit_dlls"=c:progra~1kasper~1kasper~2.0adialhk.dll, NVDESK32.DLL

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartKalendarz XP.lnk
backup=C:WINDOWSpssKalendarz XP.lnkCommon Startup


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"ctfmon.exe"=ctfmon.exe
"VoipDiscount"="C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"NvMediaCenter"=RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
"HP Software Update"=C:Program FilesHPHP Software UpdateHPWuSchd2.exe
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_01binjusched.exe"
"NvCplDaemon"=RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
"CablexDSL"=C:Program FilesCable & ADSL OptimizerCablexDSL.exe -C
"Viewbar"=C:Program FilesAGLOCO ViewbarViewbar.exe
"Resume copy"=copyfstq.exe /startup

R1 LUMDriver;LUMDriver;??C:WINDOWSsystem32driversLUMDriver.sys
R1 nltdi;nltdi;??C:WINDOWSsystem32driversnltdi.sys
R1 VD_FileDisk;VD_FileDisk;C:WINDOWSsystem32driversVD_FileDisk.sys
R2 CachemanXPService;CachemanXP;C:PROGRA~1CACHEM~1CachemanXP.exe
R2 UxTuneUp;TuneUp Design Expansion;C:WINDOWSSystem32svchost.exe -k netsvcs
R3 amdtools;AMD Special Tools Driver;C:WINDOWSsystem32DRIVERSAmdTools.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys
S2 VCam_Serv;VCam_Serv;C:Program FilesVideo Cam ServerVCamServer.exe
S3 actser;actser;C:WINDOWSsystem32driversactser.sys
S3 AMDPCI;AMDPCI;??C:DOCUME~1ADMINI~1USTAWI~1TempAMDPCI.sys
S3 cglptnt;cglptnt;??C:Program FilesTC UPcglptnt.sys
S3 KS-959;MA-620 USB Infrared Adapter;C:WINDOWSsystem32DRIVERSKS-959.sys
S3 PDExchange;PDExchange;"C:Program FilesRaxcoPerfectDiskPDExchange.exe"
S3 RivaTuner32;RivaTuner32;??C:Program FilesRivaTuner v2.0 Final ReleaseRivaTuner32.sys
S3 siusbmod;siusbmod;C:WINDOWSsystem32DRIVERSsiusbmod.sys
S3 usbscan;Sterownik skanera USB;C:WINDOWSsystem32DRIVERSusbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS
S3 vsbus;Virtual Serial Bus Enumerator;C:WINDOWSsystem32DRIVERSvsb.sys
S3 vserial;ELTIMA Virtual Serial Ports Driver;C:WINDOWSsystem32DRIVERSvserial.sys

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalService LmHosts SSDPSRV
DcomLaunch DcomLaunch

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp

*Newly Created Service* - VCAM_SERV

Contents of the 'Scheduled Tasks' folder
2007-08-10 15:15:02 C:WINDOWSTasks1-Click Maintenance.job - C:Program FilesTuneUp Utilities 2007SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 22:32:55
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-15 22:34:11

--- E O F ---


Echhh 3 dni i 0 odpowiedzi :sciana:
Wielkie dzięki Dołączona grafika
  • 0

#170 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 18 08 2007 - 23:05

krótki bo mój kolega po zrobieniu go zaznaczył wszystko i kliknął w fix checked


Pogratuluj koledze pomysłowości...

Log jest czysty.

Pokaż log z ComboFix.
  • 0

#171 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 18 08 2007 - 23:20 

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = I co się lipisz ?????

Twoja robota?

O1 - Hosts: 89.149.200.219 l2authd.lineage2.com
O1 - Hosts: 89.149.200.219 l2testauthd.lineage2.com

Sam dodawałeś te adresy do pliku Hosts?

Czy znasz aplikacje Video Cam Server? 

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Fix w Hjt.

O4 - Startup: Cashfiesta.lnk = C:Program Files\CashfiestaFiestaBar\Cashfiesta.exe
O4 - Startup: Eurobarre.lnk = C:Program Files\Eurobarreeb.exe


Folder oraz plik na czerwono usuń w Trybie Awaryjnym z wyłączonym przywracaniem systemu, a wpisy zafixuj w Hjt.

Po pracy pokaż nowe logi, lecz jeśli mógłbyś to wrzuć je na - http://wklej.org

  • 0

#172 AYANAMI

AYANAMI

    Początkujący

  • 16 postów

Napisano 19 08 2007 - 01:59

nie mam pojęcia jak on wpadł na taki pomysł...cóż...

padł mu jednak komp zupełnie i musiał postawić system na nowo :P

Maćku bardzo Ci dziękuje za sprawdzenie :sciana:

  • 0

#173 waglik

waglik

    Nowy

  • 1 postów

Napisano 19 08 2007 - 15:45

Prosze o zanalizowanie loga. System zacina sie przy wlaczeniu przegladarki internetowej.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:50, on 2007-08-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14D1A72D-8705-11D8-B120-000000000000} - (no file)
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll (file missing)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6monr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AB28F44-CFB3-4885-B77B-B678EC70C0A6}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  • 0

#174 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 23 08 2007 - 01:07

Użyj SmitFraudFix z opcji 2 w Trybie Awaryjnym.

Po pracy pokaż nowe logi z: Hijack This + Silent Runners + ComboFix.
  • 0

#175 puellanigra

puellanigra

    Nowy

  • 1 postów

Napisano 23 08 2007 - 15:49

Logfile of HijackThis v1.99.1
Scan saved at 15:06:44, on 2007-08-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/System32/Ati2evxx.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/Program Files/Alwil Software/Avast4/aswUpdSv.exe
C:/Program Files/Alwil Software/Avast4/ashServ.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Program Files/Comodo/CBOClean/BOCORE.exe
C:/Program Files/Comodo/Firewall/cmdagent.exe
C:/WINDOWS/System32/svchost.exe
C:/Program Files/Alwil Software/Avast4/ashWebSv.exe
C:/WINDOWS/system32/Ati2evxx.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/htpatch.exe
C:/PROGRA~1/ALWILS~1/Avast4/ashDisp.exe
C:/WINDOWS/system32/qttask.exe
C:/Program Files/HP/HP Software Update/HPWuSchd2.exe
C:/Program Files/Comodo/Firewall/CPF.exe
C:/Program Files/Gadu-Gadu/gg.exe
C:/Program Files/Spybot - Search & Destroy/TeaTimer.exe
C:/Program Files/HP/Digital Imaging/bin/hpqtra08.exe
C:/Program Files/PLANET WL-8314/WLANMON.exe
C:/Program Files/HP/Digital Imaging/bin/hpqSTE08.exe
C:/Program Files/Mozilla Firefox/firefox.exe
C:/Documents and Settings/aneta/Pulpit/hijackthis/HijackThis.exe
C:/Program Files/HP/HP Software Update/HPWUCli.exe

R1 - HKCU/Software/Microsoft/Internet Connection Wizard,ShellNext = [clk.tradedoubler.com/click?p=49053&a=1124615&g=16374836&pools=127015]
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Common Files/Adobe/Acrobat/ActiveX/AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:/Program Files/Java/jre1.5.0_06/bin/ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [HTpatch] C:/WINDOWS/htpatch.exe
O4 - HKLM/../Run: [SiSUSBRG] C:/WINDOWS/SiSUSBrg.exe
O4 - HKLM/../Run: [avast!] C:/PROGRA~1/ALWILS~1/Avast4/ashDisp.exe
O4 - HKLM/../Run: [QuickTime Task] "C:/WINDOWS/system32/qttask.exe" -atboottime
O4 - HKLM/../Run: [HP Software Update] C:/Program Files/HP/HP Software Update/HPWuSchd2.exe
O4 - HKLM/../Run: [BOC-425] C:/PROGRA~1/Comodo/CBOClean/BOC425.exe
O4 - HKLM/../Run: [COMODO Firewall Pro] "C:/Program Files/Comodo/Firewall/CPF.exe" /background
O4 - HKCU/../Run: [Gadu-Gadu] "C:/Program Files/Gadu-Gadu/gg.exe" /tray
O4 - HKCU/../Run: [SpybotSD TeaTimer] C:/Program Files/Spybot - Search & Destroy/TeaTimer.exe
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:/PROGRA~1/MICROS~3/Office10/EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.5.0_06/bin/ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.5.0_06/bin/ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:/PROGRA~1/COMMON~1/Skype/SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:/Program Files/Alwil Software/Avast4/aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:/WINDOWS/System32/Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:/WINDOWS/system32/ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:/Program Files/Alwil Software/Avast4/ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:/Program Files/Alwil Software/Avast4/ashWebSv.exe" /service (file missing)
O23 - Service: BOCore - COMODO - C:/Program Files/Comodo/CBOClean/BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:/Program Files/Comodo/Firewall/cmdagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:/WINDOWS/System32/HPZipm12.exe


I jeszcze jedno, czy jest gdzieś w necie wytłumaczone jak samemu sprawdzić loga? Tak, żeby innym nie zawracać głowy :rolleyes:

Z góry dzięki :banana:
  • 0

#176 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 24 08 2007 - 23:46

I jeszcze jedno, czy jest gdzieś w necie wytłumaczone jak samemu sprawdzić loga? Tak, żeby innym nie zawracać głowy :rolleyes:


Nie.

Log jest czysty.

Pokaż log z Silent Runners.
  • 0

#177 @artecki@

@artecki@

    Nowy

  • 4 postów

Napisano 09 09 2007 - 13:02

Proszę o sprawdzenie loga


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:35, on 2007-09-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\tata\Dane aplikacji\m\flec006.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Seekmo /fleok=1D8A83A5C7E3147899A56D2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] D:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LClock] D:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\tata\Dane aplikacji\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 4925 bytes
  • 0

#178 Maciej13

Maciej13

    SecurityMaster

  • 261 postów

Napisano 09 09 2007 - 14:07

Użyj ComboFIx.

Później pokaż logi z: Hijack + ComboFix.
  • 0

#179 @artecki@

@artecki@

    Nowy

  • 4 postów

Napisano 09 09 2007 - 14:36

Po zapuszczeniu Combofixa


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:54, on 2007-09-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Seekmo /fleok=1D8A83A5C7E3147899A56D2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] D:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [LClock] D:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 4326 bytes


ComboFix 07-09-09.4 - "tata" 2007-09-09 14:40:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.250 [GMT 2:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.

2007-09-09 14:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 14:16 <DIR> d--h----- C:\DOCUME~1\tata\DANEAP~1\m
2007-09-09 12:13 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL
2007-09-09 12:05 <DIR> d-------- C:\DOCUME~1\tata\DANEAP~1\Uniblue
2007-09-09 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-09 11:26 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-06 21:42 <DIR> d-------- C:\Program Files\ErrorKiller
2007-08-26 21:47 <DIR> d-------- C:\DOCUME~1\tata\DANEAP~1\ICQ Toolbar
2007-08-26 21:42 <DIR> d-------- C:\Program Files\ICQToolbar
2007-08-26 21:41 <DIR> d-------- C:\DOCUME~1\tata\DANEAP~1\ICQ
2007-08-26 21:40 <DIR> d-------- C:\DOCUME~1\tata\DANEAP~1\InstallShield
2007-08-26 20:26 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-08-26 20:26 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-08-26 20:26 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-08-26 20:25 <DIR> d-------- C:\Program Files\Common Files\Maxtor
2007-08-16 22:38 <DIR> d-------- C:\DOCUME~1\tata\DANEAP~1\DeskSoft
2007-08-15 23:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-08-15 13:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-14 23:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 14:00 --------- d-------- C:\DOCUME~1\tata\DANEAP~1\uTorrent
2007-09-06 21:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-30 19:21 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-22 20:18 --------- dr------- C:\Program Files\foobar2000
2007-08-14 20:10 --------- d-------- C:\DOCUME~1\tata\DANEAP~1\Ahead
2007-08-13 20:11 --------- d-------- C:\DOCUME~1\tata\DANEAP~1\Tlen.pl
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 20:42 --------- d-------- C:\DOCUME~1\tata\DANEAP~1\Google
2007-07-29 18:29 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-29 18:23 --------- d-------- C:\Program Files\Nero
2007-07-29 12:08 --------- d-------- C:\Program Files\QuickTime
2007-07-29 12:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\QuickTime
2007-07-28 13:55 40 --a------ C:\Program Files\path3.ini
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-27 19:18 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-24 20:18 --------- dr------- C:\Program Files\Skype
2007-07-23 21:50 --------- d-------- C:\Program Files\Ofb1
2007-07-17 19:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lavasoft
2007-07-16 23:26 --------- d-------- C:\DOCUME~1\tata\DANEAP~1\vlc
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-21 21:08 6688 --a------ C:\WINDOWS\movexe.exe
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WheelMouse"="D:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 22:07]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-10-25 10:01]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-06-14 17:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="D:\Program Files\LClock\lclock.exe" [2006-10-25 10:01]
"SpeedX"="D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-10-25 10:01]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 14:40:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"="C:\\Documents and Settings\\tata\\Dane aplikacji\\m\\flec006.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet009\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"
.
Completion time: 2007-09-09 14:41:25
C:\ComboFix-quarantined-files.txt ... 2007-09-09 14:41
C:\ComboFix2.txt ... 2007-09-09 14:31
.
--- E O F ---
  • 0

#180 slake1

slake1

    Obserwator

  • 6 postów

Napisano 11 09 2007 - 19:01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Seekmo /fleok=1D8A83A5C7E3147899A56D2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)


Fix w HJT.

O20 - AppInit_DLLs: secuload.dll


Plik przeskanuj na http://virustotal.com i podaj wynik skanowania.
  • 0
Wróć do Archiwum


Użytkownicy przeglądający ten temat: 1

0 użytkowników, 1 gości, 0 anonimowych

  1. Forum Komputerowe Tweaks.pl
  2. Społeczność Tweaks.pl
  3. Archiwum
  4. Polityka prywatności
  5. Szukaj
  6. Regulamin Forum ·