Problem with the browser

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:47:09, on 2007-09-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DO_SPRAWDZANIA\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187812182031
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

--
End of file - 5495 bytes

Hello. I have pasted the log. Maybe someone will find something suspicious in it. The analysis on hijackthis.de comes out clean, i.e. nothing is marked in red, but the problem is this: IE opens the start page correctly, but after searching e.g. on Google, when I click any result link, the first time a strange XXX movie search page opens instead. I haven't installed anything new recently and I don't visit XXX sites, but something has still crept in.
I should add that when I type an address directly into the IE address bar everything is fine, and opening a page from Favorites is also no problem. The trouble is only with the Google and Yahoo search engines. Searching through Onet works fine too. I would appreciate any suggestions. Thanks and regards.

Replies: 4

Many thanks. Everything is back to normal. I am enormously grateful. Best regards. Alagors
ALAGORS
Added
22.09.2007 00:10:14
Is it better now? Because ComboFix deleted two pieces of junk. Still to be removed is the key (a leftover from the junk ComboFix deleted): HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
Żółty
Added
21.09.2007 23:20:47
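The Winlogon entry named in the reply above, and marked with `<>` in the Silent Runners output further down, is a logon-time auto-start: whatever is in the `System` value under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is launched by Winlogon, so a value left pointing at a deleted binary should be removed, and a value pointing at a live one is the persistence itself. The script below is an added example, not code posted by anyone in this thread. It parses Silent Runners style `"Name" = "value" [tag]` lines and audits the Winlogon values against what a stock Windows XP SP2 install carries; the default table, the `example-hijack.exe` sample line and the `reg` remediation commands are assumptions made here, and the table should be checked against a known-clean machine before being used on another Windows build or install drive.

```python
"""Audit Winlogon auto-start values for non-default entries.

Added example for this thread, not code posted by any participant. The
default table is an assumption drawn from a clean Windows XP SP2 install.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Acceptable values per Winlogon value name (compared case-insensitively).
# An empty string means the value is normally absent or empty; anything
# else there is an extra program Winlogon starts at logon.
WINLOGON_DEFAULTS: Dict[str, Tuple[str, ...]] = {
    "shell": ("Explorer.exe",),
    "userinit": (r"C:\WINDOWS\system32\userinit.exe,",),
    "uihost": ("logonui.exe",),
    "system": ("",),   # the thread's finding: "System" = "kddgs.exe"
    "taskman": ("",),
}

# Silent Runners tags meaning the file carried no vendor info or was not
# found at all: not proof of malware on its own, but a second signal.
SUSPICIOUS_TAGS = {"null data", "file not found", "empty string"}

LINE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<value>.*)"(?:\s*\[(?P<tag>[^\]]*)\])?\s*$'
)


@dataclass
class Entry:
    name: str
    value: str
    tag: Optional[str]


@dataclass
class Finding:
    name: str
    value: str
    reason: str
    fix: str


def parse_winlogon_values(text: str) -> List[Entry]:
    """Extract '"Name" = "value" [tag]' lines from a Silent Runners style dump."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["name"], m["value"], m["tag"]))
    return entries


def audit_winlogon(entries: List[Entry]) -> List[Finding]:
    """Flag every known Winlogon value that differs from its expected default."""
    findings = []
    for e in entries:
        expected = WINLOGON_DEFAULTS.get(e.name.lower())
        if expected is None:
            continue  # value name not in our table: not judged here
        if e.value.strip().lower() in {v.lower() for v in expected}:
            continue
        if expected == ("",):
            reason = f"'{e.name}' should be empty but starts {e.value!r} at logon"
            fix = f'reg delete "{WINLOGON_KEY}" /v {e.name} /f'
        else:
            reason = f"'{e.name}' is {e.value!r}, expected one of {expected}"
            fix = f'reg add "{WINLOGON_KEY}" /v {e.name} /t REG_SZ /d "{expected[0]}" /f'
        if e.tag and e.tag.lower() in SUSPICIOUS_TAGS:
            reason += f" (Silent Runners tag: [{e.tag}])"
        findings.append(Finding(e.name, e.value, reason, fix))
    return findings


# Constructed sample: the first two lines reproduce the flagged Winlogon
# entry from the thread's Silent Runners output. The rest are made up here
# (Silent Runners omits default values, so they would not normally appear)
# to show one clean value and one hypothetical hijacked Userinit.
SAMPLE_LOG = r'''
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <>
"System" = "kddgs.exe" [null data]
"Shell" = "Explorer.exe" [MS]
"Userinit" = "C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-hijack.exe" [null data]
'''

if __name__ == "__main__":
    for f in audit_winlogon(parse_winlogon_values(SAMPLE_LOG)):
        print(f"{f.name}: {f.reason}\n  fix: {f.fix}")
```

The `reg delete` line it emits for `System` is the same cleanup the reply above asks for, expressed as a command; the `Userinit` case is included because that value is the other common place a second executable gets appended, and there the right fix is restoring the default rather than deleting the value.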
Hello, and thank you for the help. It took a little while, but unfortunately work duties come first. But to the point. Here are the logs you asked for:

ComboFix 07-09-21.2 - "SŁAWEK" 2007-09-21 20:44:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1103 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\kddgs.exe
.

((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 20:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 20:17 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-20 20:16 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-19 18:47 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-09-19 17:57 d-------- C:\Program Files\Lavasoft
2007-09-18 18:37 d-------- C:\Program Files\FAST.DV-Player
2007-09-15 19:39 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-15 19:39 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-15 19:39 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-09-15 19:39 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-09-15 19:39 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-09-15 19:39 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-09-15 19:39 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-09-15 19:39 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-09-14 23:05 2,666,654 --a------ C:\WINDOWS\Setup_MagicISO.exe
2007-09-14 23:05 d-------- C:\Program Files\MagicISO
2007-09-14 17:30 d-------- C:\Program Files\DVDFab Gold 3
2007-09-10 19:55 d-------- C:\Program Files\URUSoft
2007-09-10 19:22 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-10 19:22 d-------- C:\Program Files\vso
2007-09-08 00:26 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-08 00:26 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-08 00:26 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-08 00:26 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-08 00:26 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-08 00:26 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-08 00:26 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-08 00:26 d-------- C:\Program Files\Alwil Software
2007-09-06 20:22 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Acronis
2007-09-06 20:20 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-09-06 20:20 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-09-06 20:20 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-09-02 23:49 d-------- C:\WINDOWS\system32\drivers\setup
2007-09-02 19:16 d-------- C:\Program Files\Xara
2007-09-02 19:16 d-------- C:\Program Files\Common Files\Xara
2007-08-29 22:56 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-29 22:34 65,536 --a------ C:\WINDOWS\system32\Gif89.dll
2007-08-29 22:34 d-------- C:\Program Files\SEC
2007-08-29 20:59 d-------- C:\Program Files\uTorrent
2007-08-28 23:15 984 --a------ C:\WINDOWS\unins000.dat
2007-08-27 21:35 d-------- C:\ATI
2007-08-26 21:27 d-------- C:\Program Files\HP
2007-08-26 21:24 14,916 --------- C:\WINDOWS\hphmdl12.dat
2007-08-26 21:24 126,801 --a------ C:\WINDOWS\HPHins12.dat
2007-08-25 01:13 d-------- C:\Program Files\MSXML 4.0
2007-08-25 00:29 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\SRSLabs
2007-08-25 00:26 d-------- C:\Program Files\Windows Media Connect 2
2007-08-25 00:25 d-------- C:\WINDOWS\system32\LogFiles
2007-08-25 00:25 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-25 00:13 d-------- C:\Program Files\Outerspace Software
2007-08-25 00:13 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-24 23:06 d-------- C:\Program Files\DivX
2007-08-24 22:13 d-------- C:\Program Files\Lavalys
2007-08-24 22:06 36,608 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS
2007-08-24 22:06 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-24 22:06 304,640 --a------ C:\WINDOWS\IsUn0415.exe
2007-08-24 22:06 d-------- C:\WINDOWS\OPTIONS
2007-08-24 22:06 d-------- C:\Program Files\Gigabyte
2007-08-24 22:02 d-------- C:\ETYKIETY
2007-08-24 21:55 d-------- C:\DO_SPRAWDZANIA
2007-08-24 21:54 265,797 --a------ C:\WINDOWS\system32\pdvcodec.dll
2007-08-24 21:54 d-------- C:\PANASONIS_DV_CODEC
2007-08-24 21:54 d-------- C:\LAME MP3
2007-08-24 21:54 d-------- C:\GSpot
2007-08-24 21:54 d-------- C:\FFMPGUI
2007-08-24 21:31 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-08-24 21:31 d-------- C:\Program Files\MemoriesOnTV3
2007-08-23 23:50 d-------- C:\Program Files\Common Files\xing shared
2007-08-23 23:50 d-------- C:\Program Files\Common Files\Real
2007-08-23 23:49 d-------- C:\Program Files\Real
2007-08-23 23:43 d-------- C:\Program Files\QuickTime
2007-08-23 23:43 d-------- C:\Program Files\Apple Software Update
2007-08-23 23:43 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-08-23 23:42 d-------- C:\Program Files\InterVideo Information Service
2007-08-23 23:42 d-------- C:\Program Files\Common Files\Ulead
2007-08-23 23:42 d-------- C:\Program Files\Common Files\InterVideo
2007-08-23 23:42 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\InstallShield
2007-08-23 23:41 d-------- C:\Program Files\InterVideo
2007-08-23 23:34 d--h----- C:\WINDOWS\msdownld.tmp
2007-08-23 23:27 d-------- C:\Program Files\GoldWave
2007-08-23 23:16 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-23 23:16 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-08-23 23:09 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-23 23:09 d-------- C:\Program Files\ffdshow
2007-08-23 22:56 d-------- C:\Program Files\proDAD
2007-08-23 22:38 d-------- C:\Program Files\AdorageI-SAL
2007-08-23 22:38 d-------- C:\Program Files\AdorageI-GfxDatas
2007-08-23 22:04 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-08-23 22:04 233,472 --a------ C:\WINDOWS\system32\DiskIO.dll
2007-08-23 22:04 184,320 --a------ C:\WINDOWS\system32\RALMain.dll
2007-08-23 22:03 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-08-23 22:03 73,728 --a------ C:\WINDOWS\system32\MMAviAx.dll
2007-08-23 22:03 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-08-23 22:03 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
2007-08-23 22:03 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll
2007-08-23 22:03 114,759 --a------ C:\WINDOWS\system32\Aviprax.dll
2007-08-23 22:03 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-08-23 21:59 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-23 21:59 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-08-23 21:59 57,856 --a------ C:\WINDOWS\system32\masd32.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-22 23:41 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-08-22 21:37 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-22 21:37 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-22 21:24 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 05:30 269312 --a------ C:\WINDOWS\system32\ati2dvag(2).dll
2007-07-28 05:23 143360 --a------ C:\WINDOWS\system32\atipdlxx(3).dll
2007-07-28 05:23 143360 --a------ C:\WINDOWS\system32\atipdlxx(2).dll
2007-07-28 05:22 43520 --a------ C:\WINDOWS\system32\ati2edxx(2).dll
2007-07-28 05:22 118784 --a------ C:\WINDOWS\system32\ati2evxx(4).dll
2007-07-28 05:22 118784 --a------ C:\WINDOWS\system32\ati2evxx(3).dll
2007-07-28 05:22 118784 --a------ C:\WINDOWS\system32\ati2evxx(2).dll
2007-07-28 05:21 483328 --a------ C:\WINDOWS\system32\ati2evxx(2).exe
2007-07-28 05:12 3067712 --a------ C:\WINDOWS\system32\ati3duag(2).dll
2007-07-28 05:01 1550208 --a------ C:\WINDOWS\system32\ativvaxx(2).dll
2007-07-28 04:47 266240 --a------ C:\WINDOWS\system32\atikvmag(2).dll
2007-07-28 04:40 450560 --a------ C:\WINDOWS\system32\ati2cqag(2).dll
2007-07-27 01:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 01:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\msxml3.dll
--------- C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
.
Contents of the 'Scheduled Tasks' folder
"2007-08-23 21:43:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-21 18:31:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 20:49:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 20:50:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 20:50
.
--- E O F ---

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
  -> {HKLM...CLSID} = "Studio.Project"
                   \InProcServer32\(Default) = "C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <>
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <>
"System" = "kddgs.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <>
AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\ <>
text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\SŁAWEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "SŁAWEK" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\SŁAWEK\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2007-09-21 20:34:22)
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at
  the first message box and "Yes" at the second message box.
---------- (total run time: 52 seconds, including 18 seconds for message boxes)

Thanks.
ALAGORS
Added
21.09.2007 22:56:44
Nothing can be seen from this log. Show the Silent Runners and ComboFix logs.
Żółty
Added
21.09.2007 00:47:14
ALAGORS
Added:
20.09.2007 22:58:02