musti10
(Musti10)
3 June 2007 18:09
#1
I can't view web pages, only some of them 'load'. Other than that I see nothing or just the source code, what should I do, people?! :o
Logfile of HijackThis v1.99.1
Scan saved at 19:08:53, on 2007-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Most Wanted Edition Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Gutek
(Gutek)
3 June 2007 18:11
#2
Log OK
Post a log from Combofix
Note: When you paste a log, wrap it in a CODE or QUOTE tag
musti10
(Musti10)
3 June 2007 18:18
#3
"Administrator" - 2007-06-03 19:13:36 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

2007-06-01 23:21 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-06-01 22:31
2007-06-01 22:21
2007-06-01 22:18
2007-06-01 22:10
2007-06-01 21:34
2007-06-01 21:34
2007-06-01 21:34
2007-05-31 21:19
2007-05-18 02:58 339,968 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 02:58 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 02:57 268,288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 02:51 139,264 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 02:50 42,496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 02:50 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 02:49 479,232 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 02:48 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 02:41 2,922,144 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-05-18 02:39 7,610,368 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-05-18 02:30 972,072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-05-18 02:30 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 02:30 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-05-18 02:30 1,512,960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 02:19 5,431,296 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-05-18 02:17 262,144 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-05-18 02:16 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-05-18 02:14 46,592 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 02:10 368,640 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-05-08 19:57 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-08 00:11
2007-05-04 09:00

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 09:15:01 -------- d-----w C:\Program Files\DC++
2007-06-01 22:25:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-01 22:23:04 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-22 20:17:30 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-04-19 19:41:04 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Opera
2007-04-18 16:16:59 733,824 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-18 16:12:31 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 16:12:12 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 16:10:01 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 16:09:10 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 16:07:49 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 16:06:59 90,112 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-07 22:03:16 -------- d-----w C:\Program Files\EPSON
2007-04-05 18:15:55 144,357 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-03-23 20:23:23 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-18 11:55:09 208,384 ----a-w C:\WINDOWS\ADSno.exe
2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-11 17:53:11 16,368 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:48:36 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:49:49 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 18:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-18 17:13]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 20:57]
"SkyTel"="SkyTel.EXE" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 15:29]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-10-10 11:00]

[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo "=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo "=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 15:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 19:15:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-03 19:16:29
— E O F —
Thanks for your interest
musti10
(Musti10)
3 June 2007 18:31
#5
Hmm, darn it. Maybe the recent changes caused this; I recently installed the software for the graphics card (ATI), a Windows update (that crap that says I don't have a license) and that codec/program for playing rmvb, Real Alternative. It happened after these steps; is it possible that one of these programs messed things up this way?
PS I use 2 browsers, Explorer and Maxthon; both act as if they didn't know HTML :?