Spawn, created 14 June 2007
I have a problem, namely several times a day (usually when I connect to the internet and launch IE) avast pops up with a message that it has found a Trojan horse, and then, when I quarantine it or delete it, an adware pop-up appears and a page with Error Safe or Drive Cleaner opens. I'm not that well versed in computers and I don't understand what you wrote above, so I'd ask you to explain to me what I should do in a more down-to-earth way that I can understand. Thanks in advance for the help. Oh, and can you tell me where I'm supposed to get these logs from, because I'm green on this subject.
CatchMe, comment 14 June 2007
Logs needed: HijackThis + Silent Runners + ComboFix
Spawn (Author), comment 14 June 2007
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:47:59, on 2007-06-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\j4261637.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Program Files\BearShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\DAP\DAP.EXE
C:\DOCUME~1\Admin\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\fcrcpmgq.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5380CB0-507E-45FD-96F6-B9BBFD8D26EA}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j4261637.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

And with Silent Runners something isn't working for me and I can't find the log.

[ Added: 2007-06-15, 10:45 ]
This is the ComboFix log:

ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Moje dokumenty\My Completed Downloads\ComboFix.exe
"Admin" - 2007-06-15 10:38:41 - Dodatek Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\blqcvxmv.dll
C:\WINDOWS\system32\eaudgjem.dll
C:\WINDOWS\system32\eudlckgu.dll
C:\WINDOWS\system32\fdicqcef.dll
C:\WINDOWS\system32\mubpqvma.dll
C:\WINDOWS\system32\rquodfee.dll
C:\WINDOWS\system32\snojpelp.dll
C:\WINDOWS\system32\vfdwbcpe.dll
C:\WINDOWS\system32\winbjv32.dll
C:\WINDOWS\system32\vmxvcqlb.ini
C:\WINDOWS\system32\mejgduae.ini
C:\WINDOWS\system32\ugkcldue.ini
C:\WINDOWS\system32\amvqpbum.ini
C:\WINDOWS\system32\eefdouqr.ini
C:\WINDOWS\system32\epcbwdfv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\hgggdaa.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Admin\DANEAP~1\.macromedia\Flash Player\#SharedObjects\YX4PKCKM\www.broadcaster.com
C:\DOCUME~1\Admin\DANEAP~1\.macromedia\Flash Player\#SharedObjects\YX4PKCKM\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Admin\DANEAP~1\.macromedia\Flash Player\#SharedObjects\YX4PKCKM\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Admin\DANEAP~1\.macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Admin\DANEAP~1\.macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\MyGlobalSearch
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\MyGlobalSearch\bar\Cache\00201D02
C:\Program Files\MyGlobalSearch\bar\Cache\0020205D
C:\Program Files\MyGlobalSearch\bar\Cache\002021D4.bin
C:\Program Files\MyGlobalSearch\bar\Cache\002024C2.bin
C:\Program Files\MyGlobalSearch\bar\Cache\002026D5.bin
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini
C:\Program Files\MyGlobalSearch\bar\History\search
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm

((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))

2007-06-15 10:38 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 23:03 <DIR> d-------- C:\VideoOutput
2007-06-14 22:53 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-06-14 17:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Spybot - Search & Destroy
2007-06-14 16:10 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-14 16:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-14 16:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-14 00:33 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Lavasoft
2007-06-14 00:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-14 00:05 62,516 --a------ C:\WINDOWS\system32\nxgymqpr.dll
2007-06-12 20:21 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\AdobeUM
2007-06-11 16:25 8,192 --a------ C:\WINDOWS\system32\j4261637.exe
2007-06-11 16:25 2,580 --a------ C:\WINDOWS\system32\blxdtlut.exe
2007-06-11 16:25 13,844 --a------ C:\WINDOWS\system32\twmpjdhw.exe
2007-06-11 14:06 <DIR> d-------- C:\WINDOWS\ShellNew
2007-06-11 14:04 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Microsoft Web Folders
2007-06-11 13:12 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Image Zone Express
2007-06-09 15:51 <DIR> d-------- C:\Program Files\3DO
2007-06-09 15:50 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-06-08 10:09 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\CyberLink
2007-06-08 10:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\CyberLink
2007-06-07 13:36 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-07 13:36 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-07 13:36 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-06 17:28 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-04 14:28 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Media Player Classic
2007-06-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Real
2007-06-04 14:27 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Real
2007-06-03 12:56 <DIR> d-------- C:\DOCUME~1\Admin\.jpi_cache
2007-06-02 01:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-01 17:37 <DIR> d-------- C:\Program Files\directx
2007-06-01 10:45 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-31 16:55 <DIR> d-------- C:\Program Files\Common Files\HP
2007-05-31 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\HP
2007-05-31 16:53 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-05-31 16:52 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-05-31 16:52 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-05-31 16:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-05-31 16:52 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-05-31 16:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-31 16:48 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-05-31 16:48 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-05-31 16:48 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-05-31 16:48 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-05-31 16:48 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-31 16:48 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-05-31 16:48 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-05-31 16:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-31 16:47 <DIR> d-------- C:\Program Files\HP
2007-05-31 16:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-31 16:45 21,124 --------- C:\WINDOWS\hpomdl07.dat
2007-05-31 16:45 113,548 --a------ C:\WINDOWS\hpoins07.dat
2007-05-31 16:44 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\HP
2007-05-31 11:19 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Gadu-Gadu
2007-05-31 11:16 <DIR> d-------- C:\DOCUME~1\Admin\Gadu-Gadu
2007-05-30 19:47 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-05-30 19:47 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\TEMP
2007-05-30 19:47 <DIR> d-------- C:\Program Files\Google
2007-05-30 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Google
2007-05-30 19:47 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Google
2007-05-30 19:46 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-05-30 19:46 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-05-30 19:44 <DIR> d-------- C:\Program Files\RegCleaner
2007-05-30 19:40 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-30 19:40 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-30 19:40 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-30 19:40 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-30 19:24 577,536 --a------ C:\WINDOWS\soundman.exe
2007-05-30 19:24 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-30 19:24 4,027,840 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-05-30 19:24 315,392 --a------ C:\WINDOWS\alcupd.exe
2007-05-30 19:24 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-05-30 19:24 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-05-30 19:24 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-05-30 19:24 <DIR> d-------- C:\Program Files\Realtek AC97
2007-05-30 18:50 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2007-05-30 18:49 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-30 18:08 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-30 18:08 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-30 18:08 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-30 18:08 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-30 18:08 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-30 18:08 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-30 18:08 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-30 18:08 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-30 18:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-30 18:08 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-30 18:08 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-30 18:08 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-30 18:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-30 18:07 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-30 18:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-30 18:07 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-05-30 18:07 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-30 18:07 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-05-30 18:06 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-30 18:05 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-30 18:05 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-05-30 18:05 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-30 18:05 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 15:37:18 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-30 16:14:16 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-30 16:14:16 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-22 16:43:44 -------- d-----w C:\Program Files\Usługi online
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\anim\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\nxgymqpr.dll [2007-06-14 00:06]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-30 19:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 10:42:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-15 10:43:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-15 10:42
--- E O F ---

[ Added: 2007-06-15, 10:51 ]
And this is the Silent Runners log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "D:\Program Files\anim\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nxgymqpr.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "D:\Program Files\anim\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
     \InProcServer32\(Default) = "D:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
     \InProcServer32\(Default) = "D:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
dns cache reader, DNSCacheReader, "C:\WINDOWS\system32\j4261637.exe" [null data]
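The helper reads the logs above by eye: an unnamed BHO backed by a random-looking DLL in system32, a Run entry that uses rundll32 to load another such DLL, and a service with "Unknown owner" whose binary is a random-looking name in system32 are the entries that point at the infection. As an added example (not code from this thread, and not part of HijackThis, ComboFix or any other tool named here), the Python script below applies those same three checks to HijackThis-style O2/O4/O23 lines. The sample log is constructed from the entry types in the thread; the "random-looking name" test (an 8+ character file stem with no vowels or made mostly of digits) is an assumed heuristic of my own, tuned to the names in these logs, not a rule from any tool.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the O2/O4/O23 entry types seen in the thread's logs.
SAMPLE_LOG = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\anim\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nxgymqpr.dll
O2 - BHO: (no name) - {C650DA86-98CB-40A7-9291-525C882A1B45} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\fcrcpmgq.dll",realset
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j4261637.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

VOWELS = set("aeiou")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>.*?): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')


@dataclass
class Finding:
    line: int
    severity: str  # "high" (likely malware loader) or "low" (cleanup candidate)
    reason: str
    path: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(path: str) -> bool:
    """Assumed heuristic: stem of 8+ chars with no vowels, or at least half digits."""
    stem = basename(path).rsplit(".", 1)[0].lower()
    if len(stem) < 8:
        return False
    digits = sum(c.isdigit() for c in stem)
    vowels = sum(c in VOWELS for c in stem)
    return vowels == 0 or digits * 2 >= len(stem)


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def first_binary(cmd: str) -> str:
    """Return the first .exe/.dll path inside a Run command line, or ''."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else ""


def triage(text: str) -> list:
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)":
                findings.append(Finding(no, "low", "orphaned BHO entry, file missing", path))
            elif m.group("name") == "(no name)" and in_system32(path) and looks_random(path):
                findings.append(Finding(no, "high", "unnamed BHO loading random-named DLL from system32", path))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            path = first_binary(cmd)
            if cmd.lower().startswith("rundll32") and looks_random(path):
                findings.append(Finding(no, "high", "rundll32 autorun loading random-named DLL", path))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("owner") == "Unknown owner" and in_system32(path) and looks_random(path):
                findings.append(Finding(no, "high", "unknown-owner service with random-named binary in system32", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line}: [{f.severity}] {f.reason}: {f.path}")
```

Run against the sample, the script flags the nxgymqpr.dll BHO, the rundll32 entry for fcrcpmgq.dll and the j4261637.exe service as high, the file-less BHO as a low cleanup candidate, and leaves the avast, Adobe and ATI entries alone (ati2sgag.exe has vowels, so the name test does not fire). The name heuristic is deliberately narrow so that common short system binaries such as smss.exe or ctfmon.exe never trip it; a real triage would add a hash lookup or signature check on each flagged file.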
CatchMe, comment 15 June 2007
1. Download: WWDC
- Change all the options from disable to enable and restart the computer.
- The correct port layout is shown in this picture: http://www.firewallleaktester.com/images_site/wwdc.jpg
* NetBIOS may be yellow.
Apply and paste the reports from: VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone
- Then paste new logs.
Spawn (Author), comment 15 June 2007
I downloaded VirtumundoBeGone but I can't get the rest, and in WWDC the RPC locator shows in yellow and the rest is green.
Spawn (Author), comment 15 June 2007
[06/15/2007, 21:48:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Admin\Moje dokumenty\My Completed Downloads\VirtumundoBeGone.exe" )
[06/15/2007, 21:49:03] - Detected System Information:
[06/15/2007, 21:49:03] - Windows Version: 5.1.2600, Dodatek Service Pack 2
[06/15/2007, 21:49:03] - Current Username: Admin (Admin)
[06/15/2007, 21:49:03] - Windows is in NORMAL mode.
[06/15/2007, 21:49:03] - Searching for Browser Helper Objects:
[06/15/2007, 21:49:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/15/2007, 21:49:03] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/15/2007, 21:49:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2007, 21:49:03] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/15/2007, 21:49:03] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/15/2007, 21:49:03] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/15/2007, 21:49:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2007, 21:49:03] - Checking for HKLM\...\Winlogon\Notify\nxgymqpr
[06/15/2007, 21:49:03] - Key not found: HKLM\...\Winlogon\Notify\nxgymqpr, continuing.
[06/15/2007, 21:49:03] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/15/2007, 21:49:03] - BHO 5: {C650DA86-98CB-40A7-9291-525C882A1B45} ()
[06/15/2007, 21:49:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2007, 21:49:03] - No filename found. Continuing.
[06/15/2007, 21:49:03] - Finished Searching Browser Helper Objects
[06/15/2007, 21:49:03] - Finishing up...
[06/15/2007, 21:49:03] - Nothing found! Exiting...

That's all I have from VirtumundoBeGone; the rest won't download.
Spawn (Author), comment 16 June 2007
It's fine now, it doesn't detect any viruses and no pages open by themselves any more. Thanks for the help.
CatchMe, comment 16 June 2007
OK, but leftovers may remain in the logs. I'd ask for one more check...
Spawn (Author), comment 16 June 2007
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:08:59, on 2007-06-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\j4261637.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\DAP\DAP.EXE
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Admin\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\anim\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nxgymqpr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C650DA86-98CB-40A7-9291-525C882A1B45} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5380CB0-507E-45FD-96F6-B9BBFD8D26EA}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j4261637.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Silent Runners log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "D:\Program Files\anim\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nxgymqpr.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2OfficeOLKFSTUB.DLL" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS] HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify <<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "D:Program FilesanimActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] DAP_Menu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "C:WINDOWSwebwallpaperIdylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "C:WINDOWSwebwallpaperIdylla.bmp" Startup items in "Admin" & "All Users" startup folders: ------------------------------------------------------- C:Documents and SettingsAll Users.WINDOWSMenu StartProgramyAutostart "HP Digital Imaging Monitor" -> shortcut to: "C:Program FilesHPDigital Imagingbinhpqtra08.exe" ["Hewlett-Packard Co."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" InProcServer32(Default) = "c:program 
filesgooglegoogletoolbar1.dll" ["Google Inc."] "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" InProcServer32(Default) = "C:WINDOWSsystem32ieframe.dll" [MS] HKLMSoftwareMicrosoftInternet ExplorerToolbar "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" InProcServer32(Default) = "c:program filesgooglegoogletoolbar1.dll" ["Google Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {E2E2DD38-D088-4134-82B7-F2BA38496583} "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:Program FilesMessengermsmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."] avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! 
Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"] dns cache reader, DNSCacheReader, "C:WINDOWSsystem32j4261637.exe" [null data] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"] hpzlnt12Driver = "hpzlnt12.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 15 seconds. ---------- (total run time: 44 seconds) Logi z combofix ComboFix 07-06-13.3 - D:programyNowy folderComboFix.exe "Admin" - 2007-06-16 23:05:35 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 ))))))))))))))))))))))))))))))) 2007-06-15 12:13 577,536 --a------ C:WINDOWSsoundman.exe 2007-06-15 12:13 49,152 --a------ C:WINDOWSsystem32ChCfg.exe 2007-06-15 12:13 4,027,840 -ra------ C:WINDOWSsystem32driversalcxwdm.sys 2007-06-15 12:13 315,392 --a------ C:WINDOWSalcupd.exe 2007-06-15 12:13 217,088 --a------ C:WINDOWSAlcrmv.exe 2007-06-15 12:13 147,456 --a------ C:WINDOWSsystem32RtlCPAPI.dll 2007-06-15 12:13 10,528,768 --a------ C:WINDOWSsystem32RTLCPL.exe 2007-06-15 12:13 <DIR> d-------- C:Program FilesRealtek AC97 2007-06-15 10:38 49,152 --a------ C:WINDOWSnircmd.exe 2007-06-14 22:53 28,672 --a------ C:WINDOWSsystem32AVEQT.dll 2007-06-14 17:50 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1Spybot - Search & Destroy 2007-06-14 16:10 <DIR> d-------- C:Program FilesWindows Media Connect 2 2007-06-14 16:08 <DIR> d-------- C:WINDOWSsystem32LogFiles 2007-06-14 16:08 <DIR> d-------- C:WINDOWSsystem32driversUMDF 2007-06-14 00:33 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Lavasoft 2007-06-14 
00:32 <DIR> d-------- C:Program FilesCommon FilesWise Installation Wizard 2007-06-14 00:05 62,516 --a------ C:WINDOWSsystem32nxgymqpr.dll 2007-06-12 20:21 <DIR> d-------- C:DOCUME~1AdminDANEAP~1AdobeUM 2007-06-11 16:25 8,192 --a------ C:WINDOWSsystem32j4261637.exe 2007-06-11 16:25 13,844 --a------ C:WINDOWSsystem32twmpjdhw.exe 2007-06-11 14:06 <DIR> d-------- C:WINDOWSShellNew 2007-06-11 14:04 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Microsoft Web Folders 2007-06-11 13:12 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Image Zone Express 2007-06-09 15:51 <DIR> d-------- C:Program Files3DO 2007-06-09 15:50 327,168 --a------ C:WINDOWSIsUn0415.exe 2007-06-08 10:09 <DIR> d-------- C:DOCUME~1AdminDANEAP~1CyberLink 2007-06-08 10:02 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1CyberLink 2007-06-07 13:36 62,744 --a------ C:WINDOWSsystem32xinput1_2.dll 2007-06-07 13:36 236,824 --a------ C:WINDOWSsystem32xactengine2_3.dll 2007-06-07 13:36 2,297,552 --a------ C:WINDOWSsystem32d3dx9_26.dll 2007-06-06 17:28 9,600 --a------ C:WINDOWSsystem32drivershidusb.sys 2007-06-04 14:28 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Media Player Classic 2007-06-04 14:27 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1Real 2007-06-04 14:27 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Real 2007-06-03 12:56 <DIR> d-------- C:DOCUME~1Admin.jpi_cache 2007-06-02 01:58 <DIR> d-------- C:Program FilesMSXML 4.0 2007-06-01 17:37 <DIR> d-------- C:Program Filesdirectx 2007-06-01 10:45 98,304 --a------ C:WINDOWSsystem32CmdLineExt.dll 2007-05-31 16:55 <DIR> d-------- C:Program FilesCommon FilesHP 2007-05-31 16:55 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1HP 2007-05-31 16:53 <DIR> d-------- C:Program FilesHewlett-Packard 2007-05-31 16:52 51,120 -ra------ C:WINDOWSsystem32driversHPZid412.sys 2007-05-31 16:52 21,744 -ra------ C:WINDOWSsystem32driversHPZius12.sys 2007-05-31 16:52 16,496 -ra------ C:WINDOWSsystem32driversHPZipr12.sys 2007-05-31 16:52 <DIR> d-------- C:Program FilesCommon FilesHewlett-Packard 2007-05-31 16:51 
15,104 --a------ C:WINDOWSsystem32driversusbscan.sys 2007-05-31 16:48 94,208 --a------ C:WINDOWSsystem32HPZipt12.dll 2007-05-31 16:48 69,632 --a------ C:WINDOWSsystem32HPZipm12.exe 2007-05-31 16:48 61,440 --a------ C:WINDOWSsystem32HPZinw12.exe 2007-05-31 16:48 57,344 --a------ C:WINDOWSsystem32HPZisn12.dll 2007-05-31 16:48 306,688 --a------ C:WINDOWSIsUninst.exe 2007-05-31 16:48 278,584 --a------ C:WINDOWSsystem32HPZidr12.dll 2007-05-31 16:48 204,800 --a------ C:WINDOWSsystem32HPZipr12.dll 2007-05-31 16:47 25,856 --a------ C:WINDOWSsystem32driversusbprint.sys 2007-05-31 16:47 <DIR> d-------- C:Program FilesHP 2007-05-31 16:46 31,616 --a------ C:WINDOWSsystem32driversusbccgp.sys 2007-05-31 16:45 21,124 --------- C:WINDOWShpomdl07.dat 2007-05-31 16:45 113,548 --a------ C:WINDOWShpoins07.dat 2007-05-31 16:44 <DIR> d-------- C:DOCUME~1AdminDANEAP~1HP 2007-05-31 11:19 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Gadu-Gadu 2007-05-31 11:16 <DIR> d-------- C:DOCUME~1AdminGadu-Gadu 2007-05-30 19:47 50,688 --a------ C:WINDOWSsystem32wbhelp2.dll 2007-05-30 19:47 <DIR> d-a------ C:DOCUME~1ALLUSE~1.WINDANEAP~1TEMP 2007-05-30 19:47 <DIR> d-------- C:Program FilesGoogle 2007-05-30 19:47 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1Google 2007-05-30 19:47 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Google 2007-05-30 19:46 60,416 --a------ C:WINDOWSALCFDRTM.EXE 2007-05-30 19:46 <DIR> d-------- C:WINDOWSsystem32Lang 2007-05-30 19:44 <DIR> d-------- C:Program FilesRegCleaner 2007-05-30 19:40 9,464 --------- C:WINDOWSsystem32driverscdralw2k.sys 2007-05-30 19:40 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys 2007-05-30 19:40 43,528 --------- C:WINDOWSsystem32driversPxHelp20.sys 2007-05-30 19:40 129,784 --------- C:WINDOWSsystem32pxafs.dll 2007-05-30 18:50 <DIR> d-------- C:WINDOWSsystem32pl-pl 2007-05-30 18:49 <DIR> d-------- C:WINDOWSnetwork diagnostic 2007-05-30 18:08 82,944 --a------ C:WINDOWSsystem32driverswdmaud.sys 2007-05-30 18:08 7,552 --a------ C:WINDOWSsystem32driversMSKSSRV.sys 
2007-05-30 18:08 60,800 --a------ C:WINDOWSsystem32driverssysaudio.sys 2007-05-30 18:08 6,400 --a------ C:WINDOWSsystem32driverssplitter.sys 2007-05-30 18:08 54,272 --a------ C:WINDOWSsystem32driversswmidi.sys 2007-05-30 18:08 52,864 --a------ C:WINDOWSsystem32driversDMusic.sys 2007-05-30 18:08 5,376 --a------ C:WINDOWSsystem32driversMSPCLOCK.sys 2007-05-30 18:08 4,992 --a------ C:WINDOWSsystem32driversMSPQM.sys 2007-05-30 18:08 3,072 --a------ C:WINDOWSsystem32driversaudstub.sys 2007-05-30 18:08 2,944 --a------ C:WINDOWSsystem32driversdrmkaud.sys 2007-05-30 18:08 172,416 --a------ C:WINDOWSsystem32driverskmixer.sys 2007-05-30 18:08 142,464 --a------ C:WINDOWSsystem32driversaec.sys 2007-05-30 18:07 60,288 --a------ C:WINDOWSsystem32driversdrmk.sys 2007-05-30 18:07 58,624 --a------ C:WINDOWSsystem32driversredbook.sys 2007-05-30 18:07 4,096 --a------ C:WINDOWSsystem32ksuser.dll 2007-05-30 18:07 2,944 --a------ C:WINDOWSsystem32driversmsmpu401.sys 2007-05-30 18:07 145,792 --a------ C:WINDOWSsystem32driversportcls.sys 2007-05-30 18:07 10,624 --a------ C:WINDOWSsystem32driversgameenum.sys 2007-05-30 18:06 77,312 --a------ C:WINDOWSsystem32usbui.dll 2007-05-30 18:05 9,936 --a------ C:WINDOWSsystemLZEXPAND.DLL 2007-05-30 18:05 9,168 --a------ C:WINDOWSsystemVER.DLL 2007-05-30 18:05 85,532 --a------ C:WINDOWSsystem32dgsetup.dll 2007-05-30 18:05 83,456 --a------ C:WINDOWSsystemOLECLI.DLL 2007-05-30 18:05 8,704 --a------ C:WINDOWSsystem32batt.dll 2007-05-30 18:05 8,192 -ra------ C:WINDOWSsystem32kbdhept.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-01 15:37:18 163,644 ----a-w C:WINDOWSsystem32driverssecdrv.sys 2007-05-30 16:14:16 67,078 ----a-w C:WINDOWSsystem32perfc015.dat 2007-05-30 16:14:16 435,978 ----a-w C:WINDOWSsystem32perfh015.dat 2007-05-22 16:43:44 -------- d-----w C:Program FilesUsługi online 2007-04-25 14:23:30 144,896 ----a-w C:WINDOWSsystem32schannel.dll 2007-04-18 16:14:32 2,854,400 
----a-w C:WINDOWSsystem32msi.dll 2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll 2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll 2007-03-17 13:45:36 293,376 ----a-w C:WINDOWSsystem32winsrv.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:Program FilesanimActiveXAcroIEHelper.dll [2005-09-24 06:12] {53707962-6F74-2D53-2644-206D7942484F}=C:Program FilesSpybot - Search & DestroySDHelper.dll [2005-05-31 01:04] {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:WINDOWSsystem32nxgymqpr.dll [2007-06-14 00:06] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:program filesgooglegoogletoolbar1.dll [2007-05-30 19:47] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "ATIPTA"="C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" [2005-05-03 21:05] "ATICCC"="C:Program FilesATI TechnologiesATI.ACEcli.exe" [2005-05-04 00:33] "avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42] "HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2005-05-11 23:12] "SoundMan"="SOUNDMAN.EXE" [2007-05-30 19:23 C:WINDOWSsoundman.exe] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 14:00] ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-16 23:06:34 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... cmd.exe [1104] scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-16 23:07:05 C:ComboFix-quarantined-files.txt ... 
2007-06-16 23:06 --- E O F --- Mam nadzieje ze wszystko jest dobrze
CatchMe, comment, 17 June 2007

As I said - Vundo is spreading sideways.

Turn off System Restore and boot into Safe Mode:

In HijackThis delete these entries:

C:\WINDOWS\system32\j4261637.exe
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nxgymqpr.dll
O2 - BHO: (no name) - {C650DA86-98CB-40A7-9291-525C882A1B45} - (no file)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j4261637.exe

The ones in bold you delete manually from the disk:

2007-06-14 00:05  62,516  --a------  C:\WINDOWS\system32\nxgymqpr.dll
2007-06-11 16:25  8,192  --a------  C:\WINDOWS\system32\j4261637.exe
2007-06-11 16:25  13,844  --a------  C:\WINDOWS\system32\twmpjdhw.exe

Start --> Run --> services.msc --> stop and disable the service: dns cache reader

Open HijackThis --> Open Misc Tools Section --> Delete a NT service --> type: DNSCacheReader --> OK. Then new logs.
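The entries CatchMe singles out share a few traits that can be checked mechanically: a BHO registered with no name, a service with no vendor, a binary in system32 whose name looks machine-generated, and files that ComboFix saw created in the same minute as each other (twmpjdhw.exe is never referenced by any HijackThis line, it is caught only by its timestamp). The Python below is an added example written for this page; it is not part of the thread and not code from HijackThis, Silent Runners or ComboFix. It scores HijackThis O2/O23 lines on those traits and joins the hits against a ComboFix "Files Created" listing. The sample lines are constructed from entries quoted in this thread with backslashes restored; the indicator weights, the threshold and the name heuristic are assumptions of the example, not anything the tools themselves do.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples, modelled on the HijackThis and ComboFix lines quoted in
# this thread (backslashes restored). Not the poster's full logs.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\anim\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nxgymqpr.dll
O2 - BHO: (no name) - {C650DA86-98CB-40A7-9291-525C882A1B45} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j4261637.exe
"""

SAMPLE_COMBOFIX = r"""
2007-06-14 00:05   62,516  --a------  C:\WINDOWS\system32\nxgymqpr.dll
2007-06-11 16:25    8,192  --a------  C:\WINDOWS\system32\j4261637.exe
2007-06-11 16:25   13,844  --a------  C:\WINDOWS\system32\twmpjdhw.exe
2007-06-07 13:36   62,744  --a------  C:\WINDOWS\system32\xinput1_2.dll
2007-06-14 17:50    <DIR>  d--------  C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Spybot - Search & Destroy
"""

# Assumed weight of each indicator; an entry is reported once the sum reaches the threshold.
WEIGHTS = {
    "BHO registered without a name": 2,
    "service has no vendor information": 1,
    "binary lives in system32": 1,
    "file name looks auto-generated": 3,
    "orphaned BHO registration (no file on disk)": 3,
}
BHO_RE = re.compile(r"O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
SVC_RE = re.compile(r"O23 - Service: .+? - (.+?) - (.+)$")
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.I)


def looks_generated(name: str) -> bool:
    """One letter plus seven digits (j4261637.exe), or eight letters with at most
    one vowel (nxgymqpr.dll). Real Windows binaries rarely look like either."""
    if re.match(r"^[a-z]\d{7}\.(exe|dll)$", name, re.I):
        return True
    if re.match(r"^[a-z]{8}\.(exe|dll)$", name, re.I):
        return sum(c in "aeiou" for c in name[:8].lower()) <= 1
    return False


def score_entry(line: str) -> Tuple[str, int, List[str]]:
    """Score one HijackThis O2/O23 line. Returns (key, score, reasons); the key is the
    file path, or the CLSID for an orphaned BHO. Other line types score 0."""
    reasons: List[str] = []
    path = ""
    if m := BHO_RE.match(line):
        name, clsid, path = m.group(1), m.group(2), m.group(3).strip()
        if path == "(no file)":
            r = "orphaned BHO registration (no file on disk)"
            return clsid, WEIGHTS[r], [r]
        if name == "(no name)":
            reasons.append("BHO registered without a name")
    elif m := SVC_RE.match(line):
        owner, path = m.group(1), m.group(2).strip()
        if owner == "Unknown owner":
            reasons.append("service has no vendor information")
    if not path:
        return "", 0, []
    if SYSTEM32_RE.search(path):
        reasons.append("binary lives in system32")
    if looks_generated(path.rsplit("\\", 1)[-1]):
        reasons.append("file name looks auto-generated")
    return path, sum(WEIGHTS[r] for r in reasons), reasons


def parse_combofix(text: str) -> Dict[str, str]:
    """Map lower-cased path -> creation minute from a ComboFix 'Files Created' listing."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        if m := CF_RE.match(raw.strip()):
            out[m.group(4).strip().lower()] = m.group(1)
    return out


def triage(hjt_text: str, combofix_text: str, threshold: int = 3) -> Dict[str, List[str]]:
    """Return {key: reasons} for entries at or above the threshold, then add any other
    system32 file ComboFix saw created in the same minute as a flagged one."""
    created = parse_combofix(combofix_text)
    flagged: Dict[str, List[str]] = {}
    for line in hjt_text.splitlines():
        key, score, reasons = score_entry(line.strip())
        if key and score >= threshold:
            if when := created.get(key.lower()):
                reasons.append(f"created {when} (ComboFix)")
            flagged[key.lower()] = reasons
    minutes = {created[k] for k in flagged if k in created}
    for path, when in created.items():
        if path not in flagged and when in minutes and SYSTEM32_RE.search(path):
            flagged[path] = [f"created {when}, same minute as a flagged file"]
    return flagged


if __name__ == "__main__":
    for key, why in triage(SAMPLE_HJT, SAMPLE_COMBOFIX).items():
        print(key, "->", "; ".join(why))
```

Run as-is it reports nxgymqpr.dll, the orphaned {C650DA86-...} BHO, j4261637.exe and, by timestamp only, twmpjdhw.exe, while ati2sgag.exe (vendor unknown, but a plausible name) stays below the threshold. The scoring is a triage aid for reading logs like the ones above, not a verdict: a hit still needs a look at the file (signature, vendor, hash lookup) before anything is removed.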
Spawn (author), comment, 17 June 2007

Sorry to ask about this, but as I already said, I'm a complete beginner when it comes to computers... So can you tell me how to get into this Safe Mode?
CatchMe, comment, 17 June 2007

http://cybertrash.pl/Tata/Wiedza/trybawary...20awaryjny.html
Spawn (author), comment, 21 June 2007

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 17:57:32, on 2007-06-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Program Files\DAP\DAP.EXE
D:\NIE TYKAC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\anim\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5380CB0-507E-45FD-96F6-B9BBFD8D26EA}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2291332.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Silent Runners log

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "D:\Program Files\anim\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "D:\Program Files\anim\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
     \InProcServer32\(Default) = "D:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
     \InProcServer32\(Default) = "D:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 53 seconds.
---------- (total run time: 85 seconds)

ComboFix log

ComboFix 07-06-21.3 - C:\Documents and Settings\Admin\Moje dokumenty\My Completed Downloads\ComboFix.exe "Admin" - 2007-06-21 18:02:36 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))

2007-06-17 18:40  8,192  --a------  C:\WINDOWS\system32\j2291332.exe
2007-06-17 18:33  524,288  --ah-----  C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-17 18:33  <DIR>  dr-h-----  C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-17 18:33  <DIR>  dr-------  C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-17 18:33  <DIR>  d--h-----  C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-17 18:33  <DIR>  d--h-----  C:\DOCUME~1\ADMINI~1\Szablony
2007-06-17 18:33  <DIR>  d--------  C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-17 18:33  <DIR>  d--------  C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-17 18:33  <DIR>  d--------  C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-17 10:53  47,104  --a------  C:\WINDOWS\system32\KMVIDC32.DLL
2007-06-15 12:13  577,536  --a------  C:\WINDOWS\soundman.exe
2007-06-15 12:13  49,152  --a------  C:\WINDOWS\system32\ChCfg.exe
2007-06-15 12:13  4,027,840  -ra------  C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-06-15 12:13  315,392  --a------  C:\WINDOWS\alcupd.exe
2007-06-15 12:13  217,088  --a------  C:\WINDOWS\Alcrmv.exe
2007-06-15 12:13  147,456  --a------  C:\WINDOWS\system32\RtlCPAPI.dll
2007-06-15 12:13  10,528,768  --a------  C:\WINDOWS\system32\RTLCPL.exe
2007-06-15 12:13  <DIR>  d--------  C:\Program Files\Realtek AC97
2007-06-15 10:38  49,152  --a------  C:\WINDOWS\nircmd.exe
2007-06-14 22:53  28,672  --a------  C:\WINDOWS\system32\AVEQT.dll
2007-06-14 17:50  <DIR>  d--------  C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Spybot - Search & Destroy
2007-06-14 16:10  <DIR>  d--------  C:\Program Files\Windows Media Connect 2
2007-06-14 16:08  <DIR>  d--------  C:\WINDOWS\system32\LogFiles
2007-06-14 16:08  <DIR>  d--------  C:\WINDOWS\system32\drivers\UMDF
2007-06-14 00:33  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\Lavasoft
2007-06-14 00:32  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2007-06-12 20:21  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\AdobeUM
2007-06-11 16:25  8,192  --a------  C:\WINDOWS\system32\j4261637.exe
2007-06-11 14:06  <DIR>  d--------  C:\WINDOWS\ShellNew
2007-06-11 14:04  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\Microsoft Web Folders
2007-06-11 13:12  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\Image Zone Express
2007-06-09 15:51  <DIR>  d--------  C:\Program Files\3DO
2007-06-09 15:50  327,168  --a------  C:\WINDOWS\IsUn0415.exe
2007-06-08 10:09  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\CyberLink
2007-06-08 10:02  <DIR>  d--------  C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\CyberLink
2007-06-07 13:36  62,744  --a------  C:\WINDOWS\system32\xinput1_2.dll
2007-06-07 13:36  236,824  --a------  C:\WINDOWS\system32\xactengine2_3.dll
2007-06-07 13:36  2,297,552  --a------  C:\WINDOWS\system32\d3dx9_26.dll
2007-06-06 17:28  9,600  --a------  C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-04 14:28  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\Media Player Classic
2007-06-04 14:27  <DIR>  d--------  C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Real
2007-06-04 14:27  <DIR>  d--------  C:\DOCUME~1\Admin\DANEAP~1\Real
2007-06-03 12:56  <DIR>  d--------  C:\DOCUME~1\Admin\.jpi_cache
2007-06-02 01:58  <DIR>  d--------  C:\Program Files\MSXML 4.0
2007-06-01 17:37  <DIR>  d--------  C:\Program Files\directx
2007-06-01 10:45  98,304  --a------  C:\WINDOWS\system32\CmdLineExt.dll
2007-05-31 16:55  <DIR>
d-------- C:Program FilesCommon FilesHP 2007-05-31 16:55 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1HP 2007-05-31 16:53 <DIR> d-------- C:Program FilesHewlett-Packard 2007-05-31 16:52 51,120 -ra------ C:WINDOWSsystem32driversHPZid412.sys 2007-05-31 16:52 21,744 -ra------ C:WINDOWSsystem32driversHPZius12.sys 2007-05-31 16:52 16,496 -ra------ C:WINDOWSsystem32driversHPZipr12.sys 2007-05-31 16:52 <DIR> d-------- C:Program FilesCommon FilesHewlett-Packard 2007-05-31 16:51 15,104 --a------ C:WINDOWSsystem32driversusbscan.sys 2007-05-31 16:48 94,208 --a------ C:WINDOWSsystem32HPZipt12.dll 2007-05-31 16:48 69,632 --a------ C:WINDOWSsystem32HPZipm12.exe 2007-05-31 16:48 61,440 --a------ C:WINDOWSsystem32HPZinw12.exe 2007-05-31 16:48 57,344 --a------ C:WINDOWSsystem32HPZisn12.dll 2007-05-31 16:48 306,688 --a------ C:WINDOWSIsUninst.exe 2007-05-31 16:48 278,584 --a------ C:WINDOWSsystem32HPZidr12.dll 2007-05-31 16:48 204,800 --a------ C:WINDOWSsystem32HPZipr12.dll 2007-05-31 16:47 25,856 --a------ C:WINDOWSsystem32driversusbprint.sys 2007-05-31 16:47 <DIR> d-------- C:Program FilesHP 2007-05-31 16:46 31,616 --a------ C:WINDOWSsystem32driversusbccgp.sys 2007-05-31 16:45 21,124 --------- C:WINDOWShpomdl07.dat 2007-05-31 16:45 113,548 --a------ C:WINDOWShpoins07.dat 2007-05-31 16:44 <DIR> d-------- C:DOCUME~1AdminDANEAP~1HP 2007-05-31 11:19 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Gadu-Gadu 2007-05-31 11:16 <DIR> d-------- C:DOCUME~1AdminGadu-Gadu 2007-05-30 19:47 50,688 --a------ C:WINDOWSsystem32wbhelp2.dll 2007-05-30 19:47 <DIR> d-a------ C:DOCUME~1ALLUSE~1.WINDANEAP~1TEMP 2007-05-30 19:47 <DIR> d-------- C:Program FilesGoogle 2007-05-30 19:47 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1Google 2007-05-30 19:47 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Google 2007-05-30 19:46 60,416 --a------ C:WINDOWSALCFDRTM.EXE 2007-05-30 19:46 <DIR> d-------- C:WINDOWSsystem32Lang 2007-05-30 19:44 <DIR> d-------- C:Program FilesRegCleaner 2007-05-30 19:40 9,464 --------- 
C:WINDOWSsystem32driverscdralw2k.sys 2007-05-30 19:40 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys 2007-05-30 19:40 43,528 --------- C:WINDOWSsystem32driversPxHelp20.sys 2007-05-30 19:40 129,784 --------- C:WINDOWSsystem32pxafs.dll 2007-05-30 18:50 <DIR> d-------- C:WINDOWSsystem32pl-pl 2007-05-30 18:49 <DIR> d-------- C:WINDOWSnetwork diagnostic 2007-05-30 18:08 82,944 --a------ C:WINDOWSsystem32driverswdmaud.sys 2007-05-30 18:08 7,552 --a------ C:WINDOWSsystem32driversMSKSSRV.sys 2007-05-30 18:08 60,800 --a------ C:WINDOWSsystem32driverssysaudio.sys 2007-05-30 18:08 6,400 --a------ C:WINDOWSsystem32driverssplitter.sys 2007-05-30 18:08 54,272 --a------ C:WINDOWSsystem32driversswmidi.sys 2007-05-30 18:08 52,864 --a------ C:WINDOWSsystem32driversDMusic.sys 2007-05-30 18:08 5,376 --a------ C:WINDOWSsystem32driversMSPCLOCK.sys 2007-05-30 18:08 4,992 --a------ C:WINDOWSsystem32driversMSPQM.sys 2007-05-30 18:08 3,072 --a------ C:WINDOWSsystem32driversaudstub.sys 2007-05-30 18:08 2,944 --a------ C:WINDOWSsystem32driversdrmkaud.sys 2007-05-30 18:08 172,416 --a------ C:WINDOWSsystem32driverskmixer.sys 2007-05-30 18:08 142,464 --a------ C:WINDOWSsystem32driversaec.sys 2007-05-30 18:07 60,288 --a------ C:WINDOWSsystem32driversdrmk.sys 2007-05-30 18:07 58,624 --a------ C:WINDOWSsystem32driversredbook.sys 2007-05-30 18:07 4,096 --a------ C:WINDOWSsystem32ksuser.dll 2007-05-30 18:07 2,944 --a------ C:WINDOWSsystem32driversmsmpu401.sys 2007-05-30 18:07 145,792 --a------ C:WINDOWSsystem32driversportcls.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-01 15:37:18 163,644 ----a-w C:WINDOWSsystem32driverssecdrv.sys 2007-05-30 16:14:16 67,078 ----a-w C:WINDOWSsystem32perfc015.dat 2007-05-30 16:14:16 435,978 ----a-w C:WINDOWSsystem32perfh015.dat 2007-05-22 16:43:44 -------- d-----w C:Program FilesUsługi online 2007-04-25 14:23:30 144,896 ----a-w C:WINDOWSsystem32schannel.dll 2007-04-18 16:14:32 2,854,400 
----a-w C:WINDOWSsystem32msi.dll 2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll 2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:Program FilesanimActiveXAcroIEHelper.dll [2005-09-24 06:12] {53707962-6F74-2D53-2644-206D7942484F}=C:Program FilesSpybot - Search & DestroySDHelper.dll [2005-05-31 01:04] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:program filesgooglegoogletoolbar1.dll [2007-05-30 19:47] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "ATIPTA"="C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" [2005-05-03 21:05] "ATICCC"="C:Program FilesATI TechnologiesATI.ACEcli.exe" [2005-05-04 00:33] "avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42] "HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2005-05-11 23:12] "SoundMan"="SOUNDMAN.EXE" [2007-05-30 19:23 C:WINDOWSsoundman.exe] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 14:00] ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-21 18:03:21 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-21 18:03:57 C:ComboFix-quarantined-files.txt ... 2007-06-21 18:03 --- E O F ---
Now there is another problem, namely I can't turn the computer on: when I start it, it shuts itself down, and this happens several times in a row, so once again I ask for help.
CatchMe comment 22 June 2007
1. Download: WWDC - Change all options from disable to enable and restart the computer.
- The correct port layout is shown in this picture: http://www.firewallleaktester.com/images_site/wwdc.jpg
* NetBIOS may be yellow.
Download and run the tool: The Avenger
Tick the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:
Drivers to unload:
dns cache reader
Files to delete:
C:WINDOWSsystem32j2291332.exe
C:WINDOWSsystem32j4261637.exe
Click Done, then the green light, and agree to the restart by clicking OK.
After the restart, in HijackThis remove the entry/entries:
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:WINDOWSsystem32j2291332.exe
Manually delete the file from disk: C:Avengerbackup.zip and paste on the forum the report: C:avenger.txt + HijackThis log + Silent Runners log + ComboFix log
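A small triage script, added here as an example (it is not CatchMe's tool and not part of HijackThis or The Avenger), that performs the cross-check the instructions above rely on: it parses the O23 service lines from a HijackThis log and the "deleted successfully" lines from an Avenger report, then lists service launch points whose binary is gone, unsigned, or oddly named, so the helper can see which registry entries still need removing after the restart. The sample logs are constructed from the entries quoted in this thread, with the backslashes the forum stripped from the paths restored; the random-name heuristic is this example's own assumption, not a HijackThis rule.

```python
"""Triage HijackThis O23 service entries against an Avenger deletion log.

Added example for this thread; not a tool from the thread's participants,
HijackThis or The Avenger. It parses the two log formats quoted in the
thread and reports service launch points that still need attention.
"""
import re
from dataclasses import dataclass, field
from typing import List, Set

# HijackThis O23 line, e.g.
#   O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2291332.exe (file missing)
# The "(ShortName)" part and the trailing "(file missing)" are both optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Result line Avenger prints for each entry under "Files to delete:".
AVENGER_DELETED_RE = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")

# Heuristic assumed by this example only: one letter followed by a run of
# digits, dropped directly into system32 (the shape of the two droppers in
# the thread). It is a triage hint, not a verdict.
RANDOM_NAME_RE = re.compile(r"^[a-z]\d{6,}\.exe$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    display: str
    name: str            # service short name; falls back to the display name
    owner: str
    path: str            # raw path field as HijackThis printed it
    file_missing: bool
    flags: List[str] = field(default_factory=list)
    high: bool = False   # True when a strong indicator was hit


def executable_path(raw: str) -> str:
    """Reduce an O23 path field to the executable: drop a leading quote and
    anything after a closing quote (HijackThis keeps '" /service' arguments)."""
    raw = raw.strip()
    if raw.startswith('"'):
        raw = raw[1:]
    return raw.split('"', 1)[0].strip()


def parse_o23(log: str) -> List[ServiceEntry]:
    """Extract every O23 service entry from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            display=m["display"],
            name=m["name"] or m["display"],
            owner=m["owner"],
            path=m["path"],
            file_missing=m["missing"] is not None,
        ))
    return entries


def parse_avenger_deleted(log: str) -> Set[str]:
    """Paths Avenger reports as deleted, lower-cased for comparison."""
    return {
        m["path"].lower()
        for line in log.splitlines()
        if (m := AVENGER_DELETED_RE.match(line.strip()))
    }


def triage(hjt_log: str, avenger_log: str) -> List[ServiceEntry]:
    """Return the service entries that deserve a look after the Avenger run."""
    deleted = parse_avenger_deleted(avenger_log)
    flagged = []
    for e in parse_o23(hjt_log):
        exe = executable_path(e.path)
        basename = exe.rsplit("\\", 1)[-1]
        if "\\system32\\" in exe.lower() and RANDOM_NAME_RE.match(basename):
            e.flags.append("random-looking name in system32")
            e.high = True
        if exe.lower() in deleted:
            e.flags.append("binary deleted by Avenger; orphaned launch point to remove")
            e.high = True
        elif e.file_missing:
            e.flags.append("binary not found")
        if e.owner == "Unknown owner":
            e.flags.append("no vendor information")
        if e.flags:
            flagged.append(e)
    return flagged


# Constructed sample input, taken from the O23 lines and the Avenger report
# quoted in this thread (backslashes restored).
HJT_SAMPLE = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2291332.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

AVENGER_SAMPLE = r"""
Registry key \Registry\Machine\System\CurrentControlSet\Services\dns cache reader not found!
Unload of driver dns cache reader failed!
File C:\WINDOWS\system32\j2291332.exe deleted successfully.
File C:\WINDOWS\system32\j4261637.exe deleted successfully.
Completed script processing.
"""

if __name__ == "__main__":
    for entry in triage(HJT_SAMPLE, AVENGER_SAMPLE):
        level = "HIGH  " if entry.high else "review"
        print(f"[{level}] {entry.name}: {', '.join(entry.flags)}")
```

On the thread's own logs the script rates only DNSCacheReader as high (random name in system32, binary removed by Avenger, entry still registered), which is exactly the O23 line CatchMe asks to remove after the restart. The avast! Mail Scanner and ATI Smart entries come out as "review" because HijackThis 1.99.1 prints "Unknown owner" and "(file missing)" for them, while the Silent Runners output in the same thread shows both avast! scanners running with "ALWIL Software" as vendor; that is the kind of cross-check a reviewer still does by hand, and the script only narrows the list.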
Spawn (Author) comment 23 June 2007
Avenger log:
Logfile of The Avenger version 1, by Swandog46 Running from registry key: RegistryMachineSystemCurrentControlSetServicesmrspykaf ******************* Script file located at: ??C:Documents and Settingsvyplgscs.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:Avenger ******************* Beginning to process script file: Registry key RegistryMachineSystemCurrentControlSetServicesdns cache reader not found! Unload of driver dns cache reader failed! Could not process line: dns cache reader Status: 0xc0000034 File C:WINDOWSsystem32j2291332.exe deleted successfully. File C:WINDOWSsystem32j4261637.exe deleted successfully. Completed script processing. ******************* Finished! Terminate.
HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 17:01:03, on 2007-06-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSsystem32svchost.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:Program FilesHPHP Software UpdateHPWuSchd2.exe C:WINDOWSSOUNDMAN.EXE C:WINDOWSsystem32ctfmon.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesHPDigital Imagingbinhpqtra08.exe C:Program FilesHPDigital ImagingbinhpqSTE08.exe C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe C:Program Filesinternet exploreriexplore.exe D:NIE TYKACHijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = 
http://www.google.pl/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesanimActiveXAcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime O4 - HKLM..Run: [avast!] 
C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe O8 - Extra context menu item: &Clean Traces - D:Program FilesDAPPrivacy Packagedapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:Program FilesDAPdapextie.htm O8 - Extra context menu item: Download &all with DAP - D:Program FilesDAPdapextie2.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O17 - HKLMSystemCCSServicesTcpip..{B5380CB0-507E-45FD-96F6-B9BBFD8D26EA}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing) O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:WINDOWSsystem32j2291332.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe Silent runners "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "ATIPTA" = "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" ["ATI Technologies, Inc."] "ATICCC" = ""C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime" [null data] "avast!" 
= "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"] "HP Software Update" = "C:Program FilesHPHP Software UpdateHPWuSchd2.exe" ["Hewlett-Packard Co."] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" InProcServer32(Default) = "D:Program FilesanimActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesSpybot - Search & DestroySDHelper.dll" ["Safer Networking Limited"] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" InProcServer32(Default) = "c:program filesgooglegoogletoolbar1.dll" ["Google Inc."] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" InProcServer32(Default) = "C:Program FilesATI TechnologiesATI.ACEatiacmxx.dll" [empty string] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2OfficeOLKFSTUB.DLL" [MS] 
HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS] HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify <<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "D:Program FilesanimActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] DAP_Menu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" InProcServer32(Default) = "D:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "C:Documents and SettingsAdminUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Startup items in "Admin" & "All Users" startup folders: ------------------------------------------------------- C:Documents and SettingsAll Users.WINDOWSMenu StartProgramyAutostart "HP Digital Imaging Monitor" -> shortcut to: "C:Program FilesHPDigital Imagingbinhpqtra08.exe" ["Hewlett-Packard Co."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser 
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" InProcServer32(Default) = "c:program filesgooglegoogletoolbar1.dll" ["Google Inc."] "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" InProcServer32(Default) = "C:WINDOWSsystem32ieframe.dll" [MS] HKLMSoftwareMicrosoftInternet ExplorerToolbar "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" InProcServer32(Default) = "c:program filesgooglegoogletoolbar1.dll" ["Google Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {E2E2DD38-D088-4134-82B7-F2BA38496583} "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:Program FilesMessengermsmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."] avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! 
Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"] hpzlnt12Driver = "hpzlnt12.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 32 seconds. ---------- (total run time: 59 seconds) [ Dodano: 2007-06-23, 17:07 ] ComboFix 07-06-21.3 - D:NIE TYKACComboFix.exe "Admin" - 2007-06-23 17:05:20 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 ))))))))))))))))))))))))))))))) 2007-06-17 18:33 524,288 --ah----- C:DOCUME~1ADMINI~1NTUSER.DAT 2007-06-17 18:33 <DIR> dr-h----- C:DOCUME~1ADMINI~1Dane aplikacji 2007-06-17 18:33 <DIR> dr------- C:DOCUME~1ADMINI~1Menu Start 2007-06-17 18:33 <DIR> d--h----- C:DOCUME~1ADMINI~1Ustawienia lokalne 2007-06-17 18:33 <DIR> d--h----- C:DOCUME~1ADMINI~1Szablony 2007-06-17 18:33 <DIR> d-------- C:DOCUME~1ADMINI~1Ulubione 2007-06-17 18:33 <DIR> d-------- C:DOCUME~1ADMINI~1Pulpit 2007-06-17 18:33 <DIR> d-------- C:DOCUME~1ADMINI~1Moje dokumenty 2007-06-17 10:53 47,104 --a------ C:WINDOWSsystem32KMVIDC32.DLL 2007-06-15 12:13 577,536 --a------ C:WINDOWSsoundman.exe 2007-06-15 12:13 49,152 --a------ C:WINDOWSsystem32ChCfg.exe 2007-06-15 12:13 4,027,840 -ra------ C:WINDOWSsystem32driversalcxwdm.sys 2007-06-15 12:13 315,392 --a------ C:WINDOWSalcupd.exe 2007-06-15 12:13 217,088 --a------ C:WINDOWSAlcrmv.exe 2007-06-15 12:13 147,456 --a------ C:WINDOWSsystem32RtlCPAPI.dll 2007-06-15 12:13 10,528,768 --a------ C:WINDOWSsystem32RTLCPL.exe 2007-06-15 12:13 <DIR> d-------- 
C:Program FilesRealtek AC97 2007-06-15 10:38 49,152 --a------ C:WINDOWSnircmd.exe 2007-06-14 22:53 28,672 --a------ C:WINDOWSsystem32AVEQT.dll 2007-06-14 17:50 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1Spybot - Search & Destroy 2007-06-14 16:10 <DIR> d-------- C:Program FilesWindows Media Connect 2 2007-06-14 16:08 <DIR> d-------- C:WINDOWSsystem32LogFiles 2007-06-14 16:08 <DIR> d-------- C:WINDOWSsystem32driversUMDF 2007-06-14 00:33 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Lavasoft 2007-06-14 00:32 <DIR> d-------- C:Program FilesCommon FilesWise Installation Wizard 2007-06-12 20:21 <DIR> d-------- C:DOCUME~1AdminDANEAP~1AdobeUM 2007-06-11 14:06 <DIR> d-------- C:WINDOWSShellNew 2007-06-11 14:04 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Microsoft Web Folders 2007-06-11 13:12 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Image Zone Express 2007-06-09 15:51 <DIR> d-------- C:Program Files3DO 2007-06-09 15:50 327,168 --a------ C:WINDOWSIsUn0415.exe 2007-06-08 10:09 <DIR> d-------- C:DOCUME~1AdminDANEAP~1CyberLink 2007-06-08 10:02 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1CyberLink 2007-06-07 13:36 62,744 --a------ C:WINDOWSsystem32xinput1_2.dll 2007-06-07 13:36 236,824 --a------ C:WINDOWSsystem32xactengine2_3.dll 2007-06-07 13:36 2,297,552 --a------ C:WINDOWSsystem32d3dx9_26.dll 2007-06-06 17:28 9,600 --a------ C:WINDOWSsystem32drivershidusb.sys 2007-06-04 14:28 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Media Player Classic 2007-06-04 14:27 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1Real 2007-06-04 14:27 <DIR> d-------- C:DOCUME~1AdminDANEAP~1Real 2007-06-03 12:56 <DIR> d-------- C:DOCUME~1Admin.jpi_cache 2007-06-02 01:58 <DIR> d-------- C:Program FilesMSXML 4.0 2007-06-01 17:37 <DIR> d-------- C:Program Filesdirectx 2007-06-01 10:45 98,304 --a------ C:WINDOWSsystem32CmdLineExt.dll 2007-05-31 16:55 <DIR> d-------- C:Program FilesCommon FilesHP 2007-05-31 16:55 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1HP 2007-05-31 16:53 <DIR> d-------- C:Program FilesHewlett-Packard 
2007-05-31 16:52 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-05-31 16:52 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-05-31 16:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-05-31 16:52 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-05-31 16:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-31 16:48 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-05-31 16:48 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-05-31 16:48 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-05-31 16:48 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-05-31 16:48 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-31 16:48 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-05-31 16:48 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-05-31 16:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-31 16:47 <DIR> d-------- C:\Program Files\HP
2007-05-31 16:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-31 16:45 21,124 --------- C:\WINDOWS\hpomdl07.dat
2007-05-31 16:45 113,548 --a------ C:\WINDOWS\hpoins07.dat
2007-05-31 16:44 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\HP
2007-05-31 11:19 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Gadu-Gadu
2007-05-31 11:16 <DIR> d-------- C:\DOCUME~1\Admin\Gadu-Gadu
2007-05-30 19:47 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-05-30 19:47 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\TEMP
2007-05-30 19:47 <DIR> d-------- C:\Program Files\Google
2007-05-30 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Google
2007-05-30 19:47 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Google
2007-05-30 19:46 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-05-30 19:46 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-05-30 19:44 <DIR> d-------- C:\Program Files\RegCleaner
2007-05-30 19:40 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-30 19:40 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-30 19:40 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-30 19:40 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-30 18:50 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2007-05-30 18:49 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-30 18:08 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-30 18:08 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-30 18:08 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-30 18:08 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-30 18:08 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-30 18:08 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-30 18:08 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-30 18:08 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-30 18:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-30 18:08 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-30 18:08 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-30 18:08 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-30 18:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-30 18:07 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-30 18:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-30 18:07 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-05-30 18:07 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-30 18:07 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-05-30 18:06 77,312 --a------ C:\WINDOWS\system32\usbui.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-15 10:13:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-11 12:04:36 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-01 15:37:18 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-30 17:23:47 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-30 16:14:16 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-30 16:14:16 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-30 15:57:52 -------- d-----w C:\Program Files\Messenger
2007-05-22 18:35:34 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-22 18:35:31 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-22 18:00:40 -------- d-----w C:\Program Files\Ahead
2007-05-22 18:00:38 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-22 17:54:02 -------- d-----w C:\Program Files\Real Alternative
2007-05-22 17:53:59 -------- d-----w C:\Program Files\Media Player Classic
2007-05-22 17:39:00 -------- d-----w C:\Program Files\DAP
2007-05-22 17:36:13 -------- d-----w C:\Program Files\CCleaner
2007-05-22 17:29:39 -------- d-----w C:\Program Files\Winamp
2007-05-22 17:29:12 -------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-05-22 17:24:28 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-22 17:16:42 -------- d-----w C:\Program Files\Lavasoft
2007-05-22 17:16:13 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-22 17:15:48 -------- d-----w C:\Program Files\SubEdit-Player
2007-05-22 17:09:47 -------- d-----w C:\Program Files\CyberLink
2007-05-22 16:53:02 -------- d-----w C:\Program Files\Alwil Software
2007-05-22 16:44:57 0 --sha-r C:\MSDOS.SYS
2007-05-22 16:44:57 0 --sha-r C:\IO.SYS
2007-05-22 16:44:57 0 ----a-w C:\CONFIG.SYS
2007-05-22 16:44:57 0 ----a-w C:\AUTOEXEC.BAT
2007-05-22 16:43:46 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-22 16:43:44 -------- d-----w C:\Program Files\Usługi online
2007-05-22 16:42:54 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-22 16:42:46 -------- d-----w C:\Program Files\Movie Maker
2007-05-22 16:41:26 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-22 16:41:17 -------- d-----w C:\Program Files\Windows NT
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\anim\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-30 19:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SoundMan"="SOUNDMAN.EXE" [2007-05-30 19:23 C:\WINDOWS\soundman.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 17:06:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-23 17:06:58
C:\ComboFix-quarantined-files.txt ... 2007-06-23 17:06
C:\ComboFix2.txt ... 2007-06-21 18:03
--- E O F ---
CatchMe comment 23 June 2007
Start >>> Run >>> type cmd and click OK => in the console that opens, type:
sc stop DNSCacheReader
sc delete DNSCacheReader
exit
Delete this entry in HijackThis:
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2291332.exe (file missing)
Restart the computer and post a HijackThis log.
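A defender's way of spotting an O23 entry like the DNSCacheReader one above when reading a HijackThis log, as an added example that is not from this thread or from the HijackThis project: each service line is scored on the signals the helper used here (no vendor name, binary reported missing, machine-generated file name under system32), and the "(file missing)" flag is treated as unreliable when the ImagePath carries a stray quote plus arguments, which is exactly how the avast! scanner services print in this thread. The sample lines are constructed in the log's format and the score thresholds are this example's own choice.

```python
import re
from dataclasses import dataclass, field

# Constructed sample O23 lines in the shape of the HijackThis 1.99.1 logs in
# this thread (not a complete log).
SAMPLE_O23_LINES = [
    r"O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2291332.exe (file missing)",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
]

# "O23 - Service: <display name> - <owner> - <image path> [(file missing)]".
# Non-greedy groups assume the display name itself contains no " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<rest>.+)$")
# Generated names such as j2291332.exe: one or two letters, then a run of digits.
RANDOM_NAME_RE = re.compile(r"^[a-z]{1,2}\d{5,}\.exe$", re.IGNORECASE)
FILE_MISSING = "(file missing)"


@dataclass
class ServiceFinding:
    name: str
    owner: str
    image_path: str
    file_missing: bool          # what HijackThis printed
    missing_is_reliable: bool   # False when the path was quoted with arguments
    score: int
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.score >= 4:
            return "suspicious"
        if self.score >= 2:
            return "check"
        return "ok"


def parse_o23(line: str):
    """Split one O23 line into (name, owner, image path, file_missing, reliable).
    Returns None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    file_missing = rest.endswith(FILE_MISSING)
    if file_missing:
        rest = rest[: -len(FILE_MISSING)].rstrip()
    # A quoted ImagePath with arguments is printed as   <path>" /service   and then
    # reported as "(file missing)" even though the binary exists, so the flag
    # cannot be trusted whenever a stray quote is present.
    quoted_with_args = '"' in rest
    image_path = rest.split('"', 1)[0].strip()
    return m.group("name"), m.group("owner"), image_path, file_missing, not quoted_with_args


def assess_service(line: str):
    """Score one O23 line; higher means more worth a manual look."""
    parsed = parse_o23(line)
    if parsed is None:
        return None
    name, owner, path, missing, reliable = parsed
    image = path.rsplit("\\", 1)[-1]
    unknown_owner = owner.lower() == "unknown owner"
    in_system32 = "\\system32\\" in path.lower()
    score, reasons = 0, []
    if unknown_owner:
        score += 1; reasons.append("no vendor in version info")
    if missing and reliable:
        score += 1; reasons.append("binary reported missing")
    if RANDOM_NAME_RE.match(image):
        score += 2; reasons.append("machine-generated image name")
    if in_system32 and unknown_owner:
        score += 1; reasons.append("vendor-less binary in system32")
    return ServiceFinding(name, owner, path, missing, reliable, score, reasons)


def triage(lines):
    """Assess every O23 line and return the findings, highest score first."""
    findings = [f for f in (assess_service(l) for l in lines) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_O23_LINES):
        print(f"{f.verdict:10s} {f.score}  {f.name}  <- {f.image_path}  [{'; '.join(f.reasons)}]")
```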
Spawn comment 26 June 2007 (Author)
Logfile of HijackThis v1.99.1
Scan saved at 19:42:36, on 2007-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\NIE TYKAC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\anim\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5380CB0-507E-45FD-96F6-B9BBFD8D26EA}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

The entry I was supposed to remove wasn't in HijackThis.