Gość utworzono 17 maja 2009 utworzono 17 maja 2009 Log do sprawdzenia HijackThis Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:28:17, on 2009-05-17Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\WINDOWS\System32\svchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Spyware Doctor\pctsGui.exed:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dllO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htmO9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dllO23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe--End of file - 4164 bytes Silent Runners "Silent Runners.vbs", revision 59, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]"ISTray" = ""C:\Program Files\Spyware Doctor\pctsTray.exe"" ["PC Tools"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO" -> {HKLM...CLSID} = "IEVkbdBHO Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW" -> {HKLM...CLSID} = "Statystyki ochrony WWW" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]SDContextExt\(Default) = "{70F8E90E-353A-47AB-B297-C576345EE693}" -> {HKLM...CLSID} = "PC Tools Context Menu Extension" \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\SDCONT~1.DLL" ["PC Tools"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]SDContextExt\(Default) = "{70F8E90E-353A-47AB-B297-C576345EE693}" -> {HKLM...CLSID} = "PC Tools Context Menu Extension" \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\SDCONT~1.DLL" ["PC Tools"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]Startup items in "Szymek" & "All Users" startup folders:--------------------------------------------------------C:\Documents and Settings\Szymek\Menu Start\Programy\Autostart"OpenOffice.org 3.0" -> shortcut to: "C:\Program Files\OpenOffice.org 3\program\quickstart.exe" [null data]C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]Enabled Scheduled Tasks:------------------------"WGASetup" -> launches: "C:\WINDOWS\system32\KB905474\wgasetup.exe /autoauto" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\"ButtonText" = "Statystyki ochrony WWW"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]PC Tools Auxiliary Service, sdAuxService, "C:\Program Files\Spyware Doctor\pctsAuxs.exe" ["PC Tools"]PC Tools Security Service, sdCoreService, "C:\Program Files\Spyware Doctor\pctsSvc.exe" ["PC Tools"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]---------- (launch time: 2009-05-17 16:31:43)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 148 seconds.---------- (total run time: 283 seconds) Thx za pomoc
Mateusz J. komentarz 17 maja 2009 komentarz 17 maja 2009 (edytowane) Witam. Jaki jest powód sprawdzania logów? Oba logi wyglądają na czyste, ale jeśli coś się dzieje z komputerem, został wykryte jakieś wirusy to proszę o loga z ComboFix + użyć programu FixWareOut + podać więcej informacji na temat zaistniałego problemu.. Pozdrawiam jesiona
Gość komentarz 18 maja 2009 komentarz 18 maja 2009 Witam, powodem wrzucenia logów jest niemożność zainstalowania GG - pojawia się oto taki komunikat. Kasperski nie odnalazł żadnych wirusów. Ale patrze że teraz po gruntownym przeskanowaniu wszystko działa Thx za pomoc.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.