please check my HijackThis and ComboFix logs
4tery 

Posted: 2008-07-09, 19:14   please check my HijackThis and ComboFix logs

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:59, on 2008-07-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Paweł\Desktop\New Folder (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccbAQjj.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\lJaWPgfg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\jkkHBQhe.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec....bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec....n/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: axrfgvek - {AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10331 bytes



Quote:
ComboFix 08-07-08.9 - Paweł 2008-07-09 18:58:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.1038 [GMT 1:00]
Running from: C:\Users\Paweł\Desktop\programy\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\axrfgvek.dll
C:\Windows\esrp.exe
C:\Windows\mrvtdpqe.exe
C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 18:19 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-09 18:18 . 2008-07-09 18:18 <DIR> d-------- C:\Program Files\Panda Security
2008-07-08 16:33 . 2008-07-08 16:39 <DIR> d-------- C:\Program Files\SkanerOnline
2008-07-07 19:24 . 2008-07-07 19:24 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-07-07 17:38 . 2008-07-07 17:38 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-07 17:38 . 2008-05-16 00:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-06 22:58 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-07-06 22:55 . 2008-07-06 22:55 <DIR> d-------- C:\Users\All Users\ESET
2008-07-06 22:55 . 2008-07-06 22:55 <DIR> d-------- C:\ProgramData\ESET
2008-07-06 22:02 . 2008-07-06 15:20 <DIR> d-------- C:\SDFix
2008-07-06 15:41 . 2008-07-06 15:41 28,800 --a------ C:\Windows\System32\fccbAQjj.dll
2008-06-16 17:06 . 2008-07-07 17:16 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-16 17:06 . 2008-07-07 17:16 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-15 18:59 . 2008-06-15 18:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-15 11:18 . 2008-06-15 11:18 <DIR> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:02 3,145,728 --sha-w C:\Users\Paweł\NTUSER.DAT
2008-07-09 18:02 3,145,728 --sha-w C:\Users\Paweł\NTUSER.DAT
2008-07-09 02:14 174 --sha-w C:\Program Files\desktop.ini
2008-07-08 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:44 --------- d-----w C:\ProgramData\WildTangent
2008-07-07 21:34 --------- d-----w C:\Program Files\Programs
2008-07-07 19:45 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-07 18:28 --------- d-----w C:\Users\Paweł\AppData\Roaming\Skype
2008-07-07 15:07 --------- d-----w C:\Users\Paweł\AppData\Roaming\skypePM
2008-07-06 14:40 --------- d-----w C:\Users\Paweł\AppData\Roaming\uTorrent
2008-07-03 17:46 27,335 ----a-w C:\Users\Paweł\AppData\Roaming\nvModes.dat
2008-06-25 18:40 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-15 10:17 --------- d-----w C:\Program Files\Java
2008-06-15 09:43 --------- d-s---w C:\Users\Paweł\AppData\Roaming\Microsoft
2008-06-03 21:20 --------- d-----w C:\Program Files\uTorrent
2008-06-03 21:19 --------- d-----w C:\Users\Paweł\AppData\Roaming\Azureus
2008-06-01 11:16 --------- d-----w C:\Program Files\SopCast
2008-05-31 22:54 --------- d-----w C:\Users\Paweł\AppData\Roaming\GanymedeNet
2008-05-31 15:19 --------- d-----w C:\Program Files\Ganymede
2008-05-31 12:22 --------- d-----w C:\Program Files\Ultra RM Converter
2008-05-31 12:07 --------- d-----w C:\Users\Paweł\AppData\Roaming\streamripper
2008-05-31 12:06 --------- d-----w C:\Program Files\Streamripper
2008-05-28 14:04 --------- d-----w C:\ProgramData\Azureus
2008-05-25 14:04 --------- d-----w C:\Users\Paweł\AppData\Roaming\Real
2008-05-25 14:03 --------- d-----w C:\Users\Paweł\AppData\Roaming\vlc
2008-05-25 12:46 --------- d-----w C:\Program Files\VideoLAN
2008-05-19 15:39 --------- d-----w C:\Program Files\Real Alternative
2008-05-19 15:38 --------- d-----w C:\Program Files\Media Player Classic
2008-05-19 15:37 --------- d-----w C:\Program Files\AC3Filter
2008-05-19 15:36 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-19 15:33 36,734 ----a-w C:\Windows\System32\OggDSuninst.exe
2008-05-19 15:32 --------- d-----w C:\Program Files\ffdshow
2008-05-19 15:08 --------- d-----w C:\Program Files\SubEdit-Player
2008-05-18 21:31 --------- d-----w C:\Users\Paweł\AppData\Roaming\Gadu-Gadu
2008-05-18 16:41 --------- d-----w C:\ProgramData\OrbNetworks
2008-05-18 16:40 --------- d-----w C:\Program Files\Winamp
2008-05-18 16:39 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-05-18 16:39 --------- d-----w C:\Program Files\Winamp Toolbar
2008-05-18 16:39 --------- d-----w C:\Program Files\Winamp Remote
2008-05-18 16:36 --------- d-----w C:\Users\Paweł\AppData\Roaming\Winamp
2008-05-18 15:11 --------- d-----w C:\ProgramData\CyberLink
2008-05-18 14:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-18 13:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-18 13:56 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-05-18 13:56 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-18 13:55 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-05-18 13:55 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-18 13:55 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-05-18 13:55 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-05-18 13:55 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-05-18 13:55 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-18 13:55 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-05-18 13:55 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-05-18 13:55 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-18 13:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-18 13:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-05-18 13:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-05-18 13:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-18 13:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-05-18 13:52 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-05-18 13:49 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-05-18 13:49 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-05-18 13:49 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-05-18 13:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-18 13:48 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-18 13:48 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-18 13:48 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-18 13:47 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-05-18 13:46 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-18 13:46 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-18 13:42 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-18 13:42 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-18 13:42 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-05-18 13:42 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-05-18 13:41 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-05-18 13:38 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-18 13:37 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-05-18 13:37 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-05-18 13:36 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-05-18 13:21 32 ----a-w C:\Users\All Users\ezsid.dat
2008-05-18 13:21 32 ----a-w C:\ProgramData\ezsid.dat
2008-05-18 13:13 --------- d-----w C:\Users\Paweł\AppData\Roaming\Adobe
2008-05-18 12:35 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-05-18 12:35 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-05-18 12:35 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-05-18 12:35 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-05-18 12:34 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-05-18 12:34 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-05-18 12:34 33,624 ----a-w C:\Windows\System32\wups.dll
2008-05-18 12:34 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-05-18 12:34 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-05-17 13:17 --------- d-----w C:\Program Files\Common Files\snp2std
2008-05-17 13:16 --------- d-----w C:\Users\Paweł\AppData\Roaming\InstallShield
2008-05-15 17:52 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-18 14:47 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 00:10 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 02:54 507904]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 04:34 181544]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 08:13 218408]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 16:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 23:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
"FixCamera"="C:\Windows\FixCamera.exe" [2007-07-11 16:09 20480]
"tsnp2std"="C:\Windows\tsnp2std.exe" [2007-05-10 17:05 270336]
"snp2std"="C:\Windows\vsnp2std.exe" [2007-09-28 16:32 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSServer"="C:\Windows\system32\fccbAQjj.dll" [2008-07-06 15:41 28800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]

C:\Users\Paweˆ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= "C:\Windows\system32\fccbAQjj.dll" [2008-07-06 15:41 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.avis"= ff_acm.acm
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5191A9EB-D83B-46A2-A81C-07F66711C7C8}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{715D1CA7-C01C-479C-9F71-DB42EE39C5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{88E6DF99-E159-4ABF-98B8-9B3A2E538CB9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CAAE971-0114-479F-B15E-3579ADF55B91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DFAF0BD-504C-495F-8BBE-5C79D95BF853}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{D2784C0D-D366-4092-B229-2D07125BD00B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{14C50A36-8DB3-46D4-8613-399EA1C55E88}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{3F20A39B-E495-43E5-B151-409ECB5FF5EF}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{DD33642C-180D-4E79-9680-C14F2B02A094}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{15FFC916-6FB7-4FC6-9FAC-6D72AF5EABDF}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{CEB6E2C2-B186-46D0-99DC-D15C70E01E65}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5A32FC7B-F915-40C0-91D1-AB3E9988C80C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{0F682803-FAF7-4D09-856C-FCEF70693C8B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BD769E79-3F6E-45A7-A883-9C0F592699C2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{409CCDA0-8DAA-4600-BA8E-A05EDA5B5F6D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{7DC553E1-4DEA-42B1-88F5-E505166778FB}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{ACF0A18C-2335-48AC-8007-84463E64D338}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{859B3203-2440-4BA1-B786-F584E3B5674C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F76CB4CE-C9E6-4F5E-87E5-17E54AB3C548}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{70BFB42B-280E-4232-8D0D-D03024C66546}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A76CD9E0-8E5A-461D-832B-ED3C46D72B29}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{02655EF9-D98B-4C4C-8EB5-649D9A2A7486}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{DCE0D74E-78F7-4B5C-8BBD-BD414479FBD8}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{8441AC14-2556-4311-8530-80EB9E677372}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{5E30C312-2684-4100-B2EC-8E3F3AAF39E6}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{F04EAE22-2E56-4CF1-923F-9396EA2A0797}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{4A1BC1CB-339D-41F5-ADF1-AE6180BE61FE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{98283A43-8E73-43C6-B98C-DCDB7B28AE90}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9EC24670-4401-4B59-8D3C-0FD99E3894FB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{78A104A1-5214-47BE-9955-58E6872C1C4F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{36A4EA23-612D-47C7-81B1-0686C2168525}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{DD26C2DB-0F23-42CF-8931-C299C6934AF4}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3F2C9C31-72B2-44DD-835D-617976ABEEA1}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{E797B685-981A-41DE-B5B9-3DB8FA58A051}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4560A276-919E-4BEC-8164-B9B8752E4EC2}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FC9BBB1F-CF6E-4183-A4A5-49A729CB355B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{BEF0F58C-9D96-4F0B-9B7F-BB97952D4EC1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9EB777E0-4B4A-48E0-8791-DCF1033D1A84}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{4CE7255F-0E71-4E20-834B-EE604303397E}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A88FE76D-2842-4C30-BA79-F7486363F4AB}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{DCA111A3-B06B-46A5-A4FC-3E3BE9C68DBE}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{67D466DC-2D97-4FC0-9F6C-2ED91195FB1B}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{F286B4F6-9329-4A5F-A205-0824BD9CA0BA}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe:Kaspersky Anti-Virus 2009 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-10-13 14:46]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-10-01 04:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-10-01 04:34]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 19:30]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 13:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{391351bf-ebcf-11dc-b036-001b24f56c7c}]
\shell\AutoRun\command - RavMon.exe
\shell\explore\Command - RavMon.exe -e
\shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a058bd-e8c4-11dc-a474-001b24f56c7c}]
\shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c120fa21-dc08-11dc-b38f-001b24f56c7c}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5850a0-dc2e-11dc-91d9-001b24f56c7c}]
\shell\AutoRun\command - F:\Launch.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{80123684-A222-4009-8220-A867294D6DE8} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SSODL-axrfgvek-{AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 19:02:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 19:03:46
ComboFix-quarantined-files.txt 2008-07-09 18:03:43

Pre-Run: 30,771,646,464 bytes free
Post-Run: 30,852,771,840 bytes free

266 --- E O F --- 2008-07-09 02:05:00
 
   
Asdef 
Administrator



Helped: 32 times
From: Lodz
Posted: 2008-07-09, 23:30   

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccbAQjj.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe

Download ComboFix: (I'm not sure about PAWE~, you may have to give the full path, because it got cut off)
C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe


Then FIX:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\lJaWPgfg.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\jkkHBQhe.dll,c
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O21 - SSODL: axrfgvek - {AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll


PS// post the HijackThis log once more....
PS_2// maybe kots can check the ComboFix log, because I'm not familiar with it ;)
_________________
PCT is looking for people of good will who, if they have interesting articles written by themselves, can of course send them in, even as a guest, after approval by a moderator…
http://www.pctown.pl/submitnews.php
or send them to asdef(malpa)o2.pl
http://img528.imageshack.us/img528/3311/dn9ar.png
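Added example, not from the thread or from HijackThis itself: a small Python triage script that applies the same judgement the reply above makes to HijackThis lines, flagging orphaned "(no file)" entries, autoruns started from a Temp directory, rundll32 loaders that call an ordinal or single-letter export, and an SSODL DLL dropped straight into the Windows directory. The sample lines are copied from the log in the first post; the tag names, severities and heuristics are my own and are not HijackThis output.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: nine lines copied from the HijackThis log quoted in the first post,
# mixing the entries the reply flagged with clearly legitimate neighbours.
SAMPLE_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccbAQjj.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\PAWE~1\AppData\Local\Temp\atmadm2.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PAWE~1\AppData\Local\Temp\jkkHBQhe.dll,c
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O21 - SSODL: axrfgvek - {AD14D33D-80DF-4CFA-9932-1292F988137F} - C:\Windows\axrfgvek.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Tag names and severities are hypothetical labels chosen for this example.
SEVERITY = {
    "orphan": "low",                # registry points at a component that no longer exists
    "temp-autorun": "high",         # nothing legitimate should persist from a Temp directory
    "rundll32-odd-export": "high",  # real software names its export; droppers use #1 or a letter
    "ssodl-winroot": "high",        # ShellServiceObjectDelayLoad DLL sitting directly in C:\Windows
}

TEMP_RE = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),(?P<export>\S+)", re.IGNORECASE)
WINROOT_DLL_RE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.dll$", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the tags that apply to one HijackThis line (empty list = nothing suspicious)."""
    line = line.strip()
    tags: List[str] = []
    if line.endswith("(no file)"):
        tags.append("orphan")
    if TEMP_RE.search(line):
        tags.append("temp-autorun")
    m = RUNDLL_RE.search(line)
    if m:
        export = m.group("export")
        # Legitimate rundll32 autoruns name their entry point (NvStartup, ShowWelcomeCenter);
        # an ordinal (#1) or a single letter (c) is the pattern seen in the flagged entries.
        if export.startswith("#") or len(export) == 1:
            tags.append("rundll32-odd-export")
    if line.startswith("O21 - SSODL:"):
        dll_path = line.rsplit(" - ", 1)[-1]
        if WINROOT_DLL_RE.match(dll_path):
            tags.append("ssodl-winroot")
    return tags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every flagged line of a log to its tags; clean lines are left out."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tags = triage_line(line)
        if tags:
            flagged[line] = tags
    return flagged


def highest_severity(flagged: Dict[str, List[str]]) -> Optional[str]:
    """Overall verdict for a log: 'high' beats 'low'; None when nothing was flagged."""
    levels = {SEVERITY[t] for tags in flagged.values() for t in tags}
    if "high" in levels:
        return "high"
    if "low" in levels:
        return "low"
    return None


def report(text: str) -> str:
    """Human-readable summary: verdict line, then each flagged line with its tags."""
    flagged = triage_log(text)
    out = [f"verdict: {highest_severity(flagged) or 'clean'} ({len(flagged)} flagged lines)"]
    for line, tags in flagged.items():
        out.append(line)
        for t in tags:
            out.append(f"    [{SEVERITY[t]}] {t}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against a full HijackThis log the script only shortlists lines for a human to judge; a hit on a vendor DLL with an ordinal export is still worth a manual look rather than an automatic fix.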