
Prośba o sprawdzenie loga z Silent Runners i HijackThis

02 Gru 2006, 00:46

witam,

Proszę o sprawdzenie loga.

z góry wielkie dzięki
grape


"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"ASUS Live Update" = "C:Program FilesASUSASUS Live UpdateALU.exe" [empty string]
"ATKMEDIA" = "C:Program FilesASUSATK MediaDMEDIA.EXE" ["ASUSTeK Computer INC."]
"SynTPEnh" = "C:Program FilesSynapticsSynTPSynTPEnh.exe" ["Synaptics, Inc."]
"ABLKSR" = "C:WINDOWSABLKSRABLKSR.exe" ["ASYSTeK Computer INC."]
"ccApp" = ""c:Program FilesCommon FilesSymantec SharedccApp.exe"" ["Symantec Corporation"]
"Power_Gear" = "C:Program FilesASUSPower4 GearBatteryLife.exe 1" ["ASUSTeK Computer Inc."]
"ACMON" = "C:Program FilesASUSSplendidACMON.exe" ["ATK"]
"IntelZeroConfig" = ""C:Program FilesIntelWirelessinCfgSvc.exe"" ["Intel Corporation"]
"(Default)" = "(empty string)" [file not found]
"Symantec NetDriver Monitor" = "C:PROGRA~1SYMNET~1SNDMon.exe /Consumer" ["Symantec Corporation"]
"ISUSPM Startup" = ""C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start" ["Macrovision Corporation"]
"Wireless Console 2" = "C:Program FilesWireless Console 2wcourier.exe" [null data]
"igfxhkcmd" = "C:WINDOWSsystem32hkcmd.exe" ["Intel Corporation"]
"IntelWireless" = ""C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"igfxtray" = "C:WINDOWSsystem32igfxtray.exe" ["Intel Corporation"]
"igfxpers" = "C:WINDOWSsystem32igfxpers.exe" ["Intel Corporation"]
"EOUApp" = ""C:Program FilesIntelWirelessBinEOUWiz.exe"" ["Intel Corporation"]
"HControl" = "C:WINDOWSATK0100HControl.exe" [empty string]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}(Default) = (no title provided)
-> {HKLM...CLSID} = "Orange"
InProcServer32(Default) = "C:PROGRA~1orange3orange3.dll" [empty string]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}(Default) = "Norton Internet Security"
-> {HKLM...CLSID} = "CNisExtBho Class"
InProcServer32(Default) = "c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
{AE7CD045-E861-484f-8273-0445EE161910}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesSynapticsSynTPSynTPCpl.dll" ["Synaptics, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0Acrobat ElementsContextMenu.dll" ["Adobe Systems Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOfficesoa800.dll" [MS]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
<<!>> "AppInit_DLLs" = "acaptuser32.dll" ["Adobe Systems, Inc."]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> igfxcuiDLLName = "igfxdev.dll" ["Intel Corporation"]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
Adobe.Acrobat.ContextMenu(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0Acrobat ElementsContextMenu.dll" ["Adobe Systems Inc."]
DAP_Menu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsŁukaszUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Łukasz" -> launches: "c:PROGRA~1NORTON~1NORTON~1Navw32.exe /task:"C:Documents and SettingsAll UsersDane aplikacjiSymantecNorton AntiVirusTasksmycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Norton Internet Security"
InProcServer32(Default) = "c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}"
-> {HKLM...CLSID} = "Orange"
InProcServer32(Default) = "C:PROGRA~1orange3orange3.dll" [empty string]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {HKLM...CLSID} = "Norton Internet Security"
InProcServer32(Default) = "c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}" = (no title provided)
-> {HKLM...CLSID} = "Orange"
InProcServer32(Default) = "C:PROGRA~1orange3orange3.dll" [empty string]

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars
{182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:WINDOWSINFIERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.asus.com

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe"" ["Symantec Corporation"]
HTTP SSL, HTTPFilter, "C:WINDOWSSystem32svchost.exe -k HTTPFilter" {"C:WINDOWSSystem32w3ssl.dll" [MS]}
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:Program FilesIntelWirelessBinEvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:Program FilesIntelWirelessBinRegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:Program FilesIntelWirelessBinS24EvMon.exe" ["Intel Corporation "]
ISSvc, ISSVC, ""c:Program FilesNorton Internet SecurityISSVC.exe"" ["Symantec Corporation"]
Norton AntiVirus Auto-Protect Service, navapsvc, ""c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""c:Program FilesCommon FilesSymantec SharedccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""c:Program FilesCommon FilesSymantec SharedccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe"" ["Symantec Corporation"]
WUSB54GSv2SVC, WUSB54GSv2SVC, ""C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe" "WUSB54GSv2.exe"" ["GEMTEKS"]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
Adobe PDF PortDriver = "C:WINDOWSsystem32AdobePDF.dll" ["Adobe Systems Incorporated."]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 47 seconds, including 26 seconds for message boxes)






Logfile of HijackThis v1.99.1
Scan saved at 23:42:31, on 2006-12-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
c:Program FilesCommon FilesSymantec SharedccProxy.exe
c:Program FilesCommon FilesSymantec SharedccSetMgr.exe
c:Program FilesNorton Internet SecurityISSVC.exe
c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSExplorer.EXE
c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe
C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWUSB54GSv2.exe
C:WINDOWSstsystra.exe
C:Program FilesASUSATK MediaDMEDIA.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesASUSSplendidACMON.exe
C:Program FilesIntelWirelessinCfgSvc.exe
C:WINDOWSsystem32ACEngSvr.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesWireless Console 2wcourier.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesIntelWirelessBinEOUWiz.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSsystem32acovcnt.exe
C:WINDOWSATK0100ATKOSD.exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
c:Program FilesCommon FilesSymantec SharedAdBlockingNSMdtr.exe
C:Program FilesDAPDAP.EXE
C:Program FilesMessengermsmsgs.exe
C:DOCUME~1ŁUKASZUSTAWI~1TempKatalog tymczasowy 2 dla hijackthis.zipHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.asus.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:PROGRA~1orange3orange3.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:PROGRA~1orange3orange3.dll
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe
O4 - HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [ABLKSR] C:WINDOWSABLKSRABLKSR.exe
O4 - HKLM..Run: [ccApp] "c:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1
O4 - HKLM..Run: [ACMON] C:Program FilesASUSSplendidACMON.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessinCfgSvc.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [ISUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [Wireless Console 2] C:Program FilesWireless Console 2wcourier.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [EOUApp] "C:Program FilesIntelWirelessBinEOUWiz.exe"
O4 - HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O8 - Extra context menu item: &Clean Traces - C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:Program FilesDAPdapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:Program FilesDAPdapextie2.htm
O8 - Extra context menu item: orange search - file://C:Program FilesORANGE3CacheSelectedContextSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://*.mks.com.pl
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{B20DB712-650A-4225-A945-9F9D09FDE953}: NameServer = 10.1.10.254
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:Program FilesNorton Internet SecurityISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe" "WUSB54GSv2.exe (file missing)

02 Gru 2006, 13:38

O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll


To raczej spyware lub coś gorszego

O4 - HKLM..Run: [ABLKSR] C:WINDOWSABLKSRABLKSR.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe


co to jest?

P.S. Trzeba zrobić coś z usługami bo masz ich dużo :wink:

02 Gru 2006, 14:41

Arexe napisał(a):
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll


To raczej spyware lub coś gorszego

O4 - HKLM..Run: [ABLKSR] C:WINDOWSABLKSRABLKSR.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe


co to jest?

P.S. Trzeba zrobić coś z usługami bo masz ich dużo :wink:


Niestety nie mogę przyznać Ci racji. igfxtray.exe, igfxpers.exe, hkcmd.exe i igfxdev.dll to składniki sterownika grafiki Intela – leżą w C:\WINDOWS\system32, a Silent Runners odczytuje z nich producenta „Intel Corporation”. Znacznik <<!>> w Silent Runners mówi tylko tyle, że dany punkt startowy (Winlogon\Notify, AppInit_DLLs) bywa wykorzystywany przez malware, a nie że konkretny wpis jest złośliwy; tak samo acaptuser32.dll w AppInit_DLLs to biblioteka Adobe Acrobat. Wielu na tym błąd popełnia, bo wygląda to podobnie do Purity.

Co do ABLKSR: log pokazuje C:\WINDOWS\ABLKSR\ABLKSR.exe z producentem „ASYSTeK Computer INC.”. Plik leży obok innych narzędzi ASUS (ATK0100\HControl.exe), ale literówka w nazwie ASUSTeK jest warta sprawdzenia – pole producenta w zasobach pliku może wpisać każdy. Zanim cokolwiek usuniesz, sprawdź podpis cyfrowy i hash tego pliku (np. w skanerze wielosilnikowym online); to samo dotyczy orange3.dll (BHO i pasek „Orange”, brak informacji o producencie). Wpis O23 WUSB54GSv2SVC „(file missing)” to artefakt parsowania HijackThis (ścieżka z dwoma argumentami w cudzysłowach) – Silent Runners pokazuje ten plik jako obecny, z producentem „GEMTEKS”.

http://instalki.pl/forum/viewtopic.php?t=6607

Narzędzie z ostatniego postu.

02 Gru 2006, 15:08

Witam,

Dzięki, co mam z tym wszystkim zrobić? i jak? :) i co ztymi usługami?

pozdrawiam,
grape

02 Gru 2006, 15:28

@ Usługi -> Start >> Uruchom >> msconfig >> zakładka Usługi :) Wyłączaj tylko usługi, które rozpoznajesz (np. zbędne aktualizatory); nie ruszaj usług systemowych ani usług Symantec/Norton, bo wyłączysz sobie ochronę.
Usuwanie

Bardzo przydatne będzie narzędzie SmitfraudFix (pobieraj je wyłącznie ze strony autora, bo podrobione „fixy” są częstym nośnikiem malware) -> http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

1. Ściągamy z powyższego linka plik SmitfraudFix.zip i go wypakowujemy.
2. Uruchamiamy dwuklikiem plik SmitfraudFix.cmd:
Image
3. Aby stworzyć raport, wybieramy cyfrę 1 i zatwierdzamy ENTER-em. Gotowy raport wklejamy na forum do analizy.
Zostanie utworzony plik C:\rapport.txt, który automatycznie otworzy się w Notatniku.
4. Usuwanie (opcja 2) uruchamiamy tylko wtedy, gdy raport z opcji 1 wykazał infekcję – na czystym systemie nic nie naprawi, a narzędzie m.in. ubija explorer.exe i podmienia pliki systemowe. Jeśli raport coś znalazł, startujemy do trybu awaryjnego (Start >> Uruchom >> msconfig >> zakładka BOOT.INI >> zaznaczamy /SAFEBOOT >> restart).
Ponownie uruchamiamy SmitfraudFix.cmd, ale tym razem wybieramy liczbę 2 i ENTER:
Image
Czyszczenie zostanie uruchomione, co widać po ubiciu procesu explorer.exe i zniknięciu paska zadań. Następnie padnie pytanie „Do you want to clean the registry?” – odpowiadamy, że tak, czyli wpisujemy literkę Y. Następuje czyszczenie rejestru z restrykcji i resztek śmieci.
Po tej akcji narzędzie sprawdzi poprawność pliku wininet.dll i ewentualnie, w razie problemu, zapyta o zastąpienie go czystą wersją („Replace infected file?”). Wybieramy Y – ale pamiętaj, że podmieniany jest plik systemowy, więc warto mieć pod ręką płytę instalacyjną lub kopię oryginału.

Finalnym krokiem jest restart kompa, no i pokazanie efektów na forum. Oby były owocne

02 Gru 2006, 16:17

wklejam raport z SmitFraudFix:

SmitFraudFix v2.126

Scan done at 15:14:36,03, 2006-12-02
Run from C:\Documents and Settings\Łukasz\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
Fix run in normal mode

&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:WINDOWS


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:WINDOWSsystem


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:WINDOWSWeb


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:WINDOWSsystem32


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:Documents and Settingsťukasz


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:Documents and SettingsťukaszApplication Data


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Start Menu


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:DOCUME~1ŁUKASZULUBIONE


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Desktop


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; C:Program Files


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Corrupted keys


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieżąca strona główna"


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"="acaptuser32.dll"


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"System"=""


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; pe386-msguard-lzx32


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; Scanning wininet.dll infection


&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo;&raquo; End





i co teraz mam zrobić ?

02 Gru 2006, 21:29

www.searchengines.pl/phpbb203/index.php ... 6745&st=30 – pierwszy post w tym wątku.

Uwaga: raport SmitfraudFix z opcji 1 niczego nie wykazał (sekcje katalogów są puste, AppInit_DLLs to acaptuser32.dll Adobe, Winlogon\System jest pusty), więc opcja 2 (czyszczenie) nie ma tu czego usuwać – nie uruchamiaj jej „na wszelki wypadek”. Do wyjaśnienia zostają ABLKSR.exe i orange3.dll (sprawdź podpis cyfrowy/hash zamiast kasować w ciemno) oraz wpisy O15/O16 dla mks.com.pl – Strefa zaufana obniża zabezpieczenia IE dla tej domeny, zostaw je tylko jeśli sam instalowałeś skaner online MKS.

Potem wklej nowe logi z HijackThis i SmitfraudFix z opcji nr 1.

wirus

02 Gru 2006, 21:52

hi tesz mam pewien problem weszlem na ostatnie posty i na
» Britney Spears Brutally fucked! i tak sie sklada ze tam byl wirus -.- i narazie ... przeskanowalem avastem i ad-aware se profesional pousuwalem te syfy ale w "treju" nan takie guwno "Cristal System Errors!" i nie wiem jak to usunonc help (wiencej w tym poscie Britney Spears Brutally fucked!)

02 Gru 2006, 22:09

Załóż nowy temat i wklej loga z HijackThis. Użyj SmitfraudFix (najpierw tylko opcja 1 – raport).

02 Gru 2006, 22:16

...ta wytlumacz to lopatologicznie... bo ja niewiem o co hodzi :/

02 Gru 2006, 22:39

Log z HijackThis'a:
Sciagasz, robisz scan i zawartosc kopiujesz na forum https://www.instalki.pl/download/programy/windows/bezpieczenstwo/antyspyware/hijackthis/