apdjs
(apdjs)
2 October 2007 18:38
#1
Since my previous post was deleted (it is in the "Trash"), the one Gutek2222 replied to, I would ask you to check my HiJack log
and to tell me which ComboFix log I should paste??
Cheers
HiJack
Here I quote the message from Gutek2222:
"O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … enSaversFW BInitialSetup1.0.0.15-3.cab
remove the HJT entries
post a ComboFix log"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:31, on 2007-10-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\aawservice.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [siSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d … o-eula.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso … 4432270015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 4432251953
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://217.28.152.19/wg_webeye.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

--
End of file - 4076 bytes
ComboFix
Monczkin
(Monczkin)
2 October 2007 18:41
#2
Please read the topics in the Security section - change the title and describe the problem.