Keylogger
#1
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:11:06, on 2008-07-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3989 bytes


Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PCTAVApp" = ""C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN" ["PC Tools Research Pty Ltd"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"Windows" = "C:\WINDOWS\services.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
     \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "Ask Toolbar BHO"
  -> {HKLM...CLSID} = "Ask Toolbar BHO"
     \InProcServer32\(Default) = "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" ["Ask.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}"
  -> {HKLM...CLSID} = "PCTAVShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}"
  -> {HKLM...CLSID} = "PCTAVShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ASHAshampoo_Burning_Studio_7BURNONARRIVAL\
"Provider" = "Ashampoo Burning Studio 7"
"InvokeProgID" = "Ashampoo.BurningStudio7"
"InvokeVerb" = "autoplay-burn"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio7\shell\autoplay-burn\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\burningstudio.exe" -autoplay -selectdrive "%l"" ["ashampoo Technology GmbH & Co. KG"]

ASHAshampoo_Burning_Studio_7COPYONARRIVAL\
"Provider" = "Ashampoo Burning Studio 7"
"InvokeProgID" = "Ashampoo.BurningStudio7"
"InvokeVerb" = "autoplay-copy"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio7\shell\autoplay-copy\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\burningstudio.exe" -autoplay -selectdrive "%l" -copy" [file not found]

ASHAshampoo_Burning_Studio_7RIPONARRIVAL\
"Provider" = "Ashampoo Burning Studio 7"
"InvokeProgID" = "Ashampoo.BurningStudio7"
"InvokeVerb" = "autoplay-rip"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio7\shell\autoplay-rip\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\burningstudio.exe" -autoplay -selectdrive "%l" -rip" ["ashampoo Technology GmbH & Co. KG"]

MSPlayMusicFilesOnArrival\
"Provider" = "@wmploc.dll,-6502"
"ProgID" = "WMPShell.HWEventHandler.1"
HKLM\SOFTWARE\Classes\WMPShell.HWEventHandler.1\CLSID\(Default) = "{9B186A8F-F520-4eeb-B553-118304AC46C5}"
  -> {HKLM...CLSID} = "WMP HWEventHandler"
     \LocalServer32\(Default) = "C:\WINDOWS\System32\wmpstub.exe" [MS]

MSPlayVideoFilesOnArrival\
"Provider" = "@wmploc.dll,-6502"
"ProgID" = "WMPShell.HWEventHandler.1"
HKLM\SOFTWARE\Classes\WMPShell.HWEventHandler.1\CLSID\(Default) = "{9B186A8F-F520-4eeb-B553-118304AC46C5}"
  -> {HKLM...CLSID} = "WMP HWEventHandler"
     \LocalServer32\(Default) = "C:\WINDOWS\System32\wmpstub.exe" [MS]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
     \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
     \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "Arti" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll ["PC Tools Research Pty Ltd."], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
  -> {HKLM...CLSID} = "Ask Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" ["Ask.com"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools AntiVirus Engine, PCTAVSvc, ""C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe"" ["PC Tools Research Pty Ltd"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


---------- (launch time: 2008-07-16 16:05:05)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 501 seconds.
---------- (total run time: 3490 seconds)



Here are my logs from HijackThis and Silent Runners. I am posting them because I'm afraid that, despite my attempts to remove the keylogger from the computer, it is probably still there. (I reinstalled the system, but I don't know whether the format did anything, because when I wanted to install the system it said it was already there.) I would ask you to check the results and let me know whether there is anything suspicious among the processes.

@edit

I think everything is OK now. If there are any shortcomings, please let me know.


Messages in this thread
Keylogger - by Arti222 - 16.07.2008, 03:17
Re: Keylogger - by Serafin - 16.07.2008, 11:37
Re: Keylogger - by Arti222 - 16.07.2008, 16:28
Re: Keylogger - by Serafin - 16.07.2008, 17:05
Re: Keylogger - by Arti222 - 16.07.2008, 19:31
Re: Keylogger - by Serafin - 19.07.2008, 14:53
Re: Keylogger - by Arti222 - 13.11.2011, 10:43
