SpyWorm.Win32
Witam, mam takiego wirusa - robaka w kompie, przeszukałem siec w sparwie usunięcia tego kwasa, ale niestety nic.
Proszę o pomoc.
Mój Avast nie wykrył TEGO.
Odpowiedzi: 10
Pierwsze - nie pisz posta pod postem - uzywaj edycji.
Informacje o HijackThis znajdziesz w przykejonych tematach w tym dziale.
Jedyne co znalazłem to plik [quote]C:\WINDOWS\system32\57E2900693.sys[/quote]
PS Ten Power Manager to Ty sam instalowałeś ?? Zadanie w Harmonogramie - Low Battery Alarm Program.job - obejrzyj również.
Hijacka - a tego to gdzie znajde ??
comboFix
ComboFix 07-10-25.4 - dom 2007-10-26 0:25:27.1 - NTFSx86
Running from: C:\Documents and Settings\dom\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.
2007-10-26 00:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 23:13 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-10-24 23:02 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-10-24 23:02 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-10-24 23:01 d-------- C:\Program Files\DivX
2007-10-23 23:34 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-22 22:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-22 21:48 d-------- C:\Program Files\MarBit
2007-10-22 20:11 d-------- C:\Documents and Settings\dom\Dane aplikacji\Leadertech
2007-10-20 20:22 d-------- C:\Documents and Settings\dom\Dane aplikacji\AdobeAUM
2007-10-06 11:28 450,560 --a------ C:\WINDOWS\system32\mcs_cor1.dll
2007-10-06 11:28 172,032 --a------ C:\WINDOWS\system32\mcs_cor2.dll
2007-10-06 09:39 d-------- C:\Program Files\DevGuru
2007-10-06 09:39 319,456 --a------ C:\WINDOWS\system32\drivers\DIFxAPI.dll
2007-10-06 09:22 d-------- C:\Documents and Settings\dom\Dane aplikacji\Media Player Classic
2007-10-06 09:17 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-10-06 00:51 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-28 18:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 18:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 18:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-09-28 18:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-09-28 18:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 21:59 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\Skype
2007-10-23 20:56 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-23 20:55 --------- d-----w C:\Program Files\Power Manager
2007-10-23 20:55 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-10-23 20:55 --------- d-----w C:\Program Files\Office Mouse Driver
2007-10-23 20:55 --------- d-----w C:\Program Files\Apoint2K
2007-10-21 11:03 35,376 ----a-w C:\Documents and Settings\dom\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-10-18 21:25 --------- d-----w C:\Program Files\Java
2007-10-17 21:11 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\PC Suite
2007-10-12 20:58 --------- d-----w C:\Program Files\Picasa2
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-23 20:00 --------- d-----w C:\Program Files\MidiMeow
2007-09-23 19:52 --------- d-----w C:\Program Files\CDex_151
2007-09-23 19:40 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\Nokia Multimedia Player
2007-09-11 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-11 13:24 --------- d-----w C:\Program Files\e-Kiosk Reader
2007-09-11 13:24 --------- d-----w C:\Program Files\BearShare
2007-09-08 06:55 --------- d-----w C:\Program Files\Fakturka
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-01-06 07:50 628 ----a-w C:\Documents and Settings\dom\Dane aplikacji\wklnhst.dat
2007-02-21 08:05:23 56 --sh--r C:\WINDOWS\system32\57E2900693.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-08-19 10:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 14:22]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 04:47 C:\WINDOWS\sm56hlpr.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"WireLessMouse"="C:\Program Files\Office Mouse Driver\StartAutorun.exe" [2005-11-30 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\All Users\Menu Start\Programy\AutostartAdobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-14 20:20:34]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R2 IOSLINK;IOSLINK;\??\C:\WINDOWS\system32\drivers\IosLink.sys
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys
R3 WINIO;WINIO;\??\C:\Program Files\Power Manager\winio.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
*Newly Created Service* - CATCHME
*Newly Created Service* - WINIO
.
Contents of the 'Scheduled Tasks' folder
"2007-01-24 21:38:41 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 00:28:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-26 0:29:29
.
--- E O F ---
Po tym logu nic nie widać.
Pokaż tego Combofixa i Hijacka też wrzuć.
Pokazuje się na parę sekund,a mój angielski ....](*,)
Spróbuję ten drugi link.
A info to jaką ma treść ?? Bo od tego zależy co dalej z nim.
Loga Combofixa też możesz zrobić i pokazać - [url]http://cybertrash.pl/images/tata/ComboFix.html[/url]
Update:
Widzę, że znalzałeś co trzeba ;)
Puściełm tego Silent ale nie wiem o co chodzi, po minucie pokazuje krótko info po angielsku i znika. Na pulpicie pokazało się to:
Żółty proszę o pomoc.
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"PowerManager" = "C:\Program Files\Power Manager\PM.exe" [empty string]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"WireLessMouse" = "C:\Program Files\Office Mouse Driver\StartAutorun.exe MouseDrv.exe" [empty string]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlersavast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlersWinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlersavast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop"SCRNSAVE.EXE" = "C:\PROGRA~1\Picasa2\Picasa2.scr" ["Google Inc."]
Startup items in "dom" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Low Battery Alarm Program" -> WARNING -- The file "Low Battery Alarm Program.job" is corrupt! (no executable)
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 34
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\MonitorsHP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
Monitor języka PJL\Driver = "PJLMON.DLL" [MS]
---------- (launch time: 2007-10-25 23:25:19)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 45 seconds, including 6 seconds for message boxes)
Loga Hijacka sprawdź sobie - w przyklejonym temacie znajdziesz informacje na jego temat.
Jak będziesz miał wątpliwosci to pytaj.
Jak czegoś nie będziesz w stanie usunąc to pokaż logi - Hijacka i Silent Runners - [url]http://www.silentrunners.org/Silent%20Runners.vbs[/url]
Jak odpalam IE to pokazuje mi się informacja, że mam taki cosik. Zniknęła strona startowa w IE, najpierw z automatu pokazywała sie stronka z informacją o moim IP, systemie operacyjnym i że mam to "coś"
Po tym wnoszę, że coś mam
Ciągle chciały mi się pobierać jakieś płatne antywirusy, które ponoć mi to "coś" usuną. Jak zrobiłem troszkę porządku to teraz się otwiera czysta strona startowa w IE, ale nie mogę ustawić, aby startówką była, jakakolwiek strona. Po kliknięciu ZASTOSUJ, PC się nie stosuje do moim życzeń.
Myślisz, że to coś innego ??
Skąd wiesz że masz ??
Strona 1 / 1