Prosze o sprawdzenie loga -restartuje sie jak chce!

INSTALKI.pl - programy, gry, sterowniki

Logi, zabezpieczenie komputera, danych. Programy antywirusowe antyspyware, firewall itp.

Regulamin forum

1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Wyślij odpowiedź
 
macao1
  • macao1
  • Posty: 12
  • Dołączenie: 03 Paź 2007, 22:13

Prosze o sprawdzenie loga -restartuje sie jak chce!

05 Paź 2007, 13:22

Bardzo prosze o sprawdzenie ponizszego loga. Komputer restartuje mi sie na dzien dobry po kilka razy, a potem przewaznie jest ok! Podobno moze to byc wina Kaspersky-go, ale mam go od 2 lat i do tej pory bylo ok.
W logboek widze najczesciej cos takiego:


Identyfikator zdarzenia: 7031
Źródło zdarzenia: Menedżer sterowania usługami
Opis: Usługa Aplikacja systemowa modelu COM+ niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
Identyfikator zdarzenia: 4689
Źródło zdarzenia: COM+
Opis: Środowisko czasu wykonania wykryło niespójność swego stanu wewnętrznego. Wskazuje to na potencjalną niestabilność procesu, która mogła zostać spowodowana przez działające w aplikacji COM+ składniki użytkownika, używane przez nie składniki lub inne czynniki. Błąd w pliku d:\qxp_slp\com\com1x\src\comsvcs\events\lcedisp.cpp(129), hr = 80040206: Nie można współuczestniczyć w tworzeniu obiektu EventSystem.





ComboFix 07-10-03.7 - Gebruiker 2007-10-05 10:09:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.232 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn ontvangen bestanden\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecI.fon

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))
.

2007-10-05 10:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 22:10 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Apple Computer
2007-10-02 21:46 <DIR> d-------- C:\Program Files\QuickTime
2007-10-02 21:46 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-02 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-02 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-28 22:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-23 22:10 <DIR> d-------- C:\Program Files\IrfanView
2007-09-22 22:10 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\WinRAR
2007-09-21 22:47 23 --ahs---- C:\WINDOWS\system32\dbffcbfaef3_r.dll
2007-09-21 22:46 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-09-21 15:31 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll
2007-09-21 15:31 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2007-09-21 15:31 <DIR> d-------- C:\Program Files\Smarty Uninstaller Pro
2007-09-20 18:13 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-20 18:13 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-20 18:10 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-09-20 18:10 <DIR> d-------- C:\Program Files\MSECACHE
2007-09-20 13:48 <DIR> d-------- C:\Program Files\RegCleaner
2007-09-18 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-09-11 18:59 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2007-09-11 18:55 <DIR> d-------- C:\Program Files\CCleaner
2007-09-11 18:27 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-09-11 18:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2007-09-11 18:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2007-09-11 18:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2007-09-11 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-09-11 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2007-09-11 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2007-09-11 13:33 <DIR> d--h----- C:\WINDOWS\PIF

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 10:10 38528032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-05 10:05 --------- d-------- C:\Documents and Settings\Gebruiker\Application Data\Skype
2007-10-05 08:50 --------- d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-03 22:22 518468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-03 22:22 1911840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-03 22:22 182396 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-23 00:00 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-19 15:00 162064 --a------ C:\WINDOWS\system32\drivers\U_E3.tmp
2007-09-18 16:15 162064 --a------ C:\WINDOWS\system32\drivers\U_EA.tmp
2007-09-11 19:33 --------- d-------- C:\Program Files\Incredimail
2007-08-30 14:55 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-23 21:42 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-22 20:17 --------- d-------- C:\Program Files\Lavalys
2007-08-22 20:16 --------- d-------- C:\Program Files\Sciagane
2007-08-22 18:38 --------- d-------- C:\Program Files\SiSoftware
2007-08-22 14:39 --------- d-------- C:\Documents and Settings\Gebruiker\Application Data\Ahead
2007-08-22 14:14 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-08-22 13:18 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 12:46 --------- d-------- C:\Program Files\File Recover
2007-08-19 20:23 --------- d-------- C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-02-14 17:44 3044944 --a------ C:\Program Files\LimeWireWin.exe
2005-10-02 16:00 457 --a------ C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-06 01:38]
"Update 3400C"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe" [2001-12-18 11:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34]
"IncrediMail"="C:\Program Files\Incredimail\bin\IncMail.exe" [2007-08-21 11:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2000-07-19 05:30]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2006-08-06 11:46]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 06:31:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-05 00:23:00]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-09-07 20:11:32]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2005-08-12 13:41:59]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 06:31:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-05 00:23:00]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-09-07 20:11:32]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2005-08-12 13:41:59]


R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R3 klim5;klim5;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys
R3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S3 CtlCam;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys

*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-02 19:46:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 10:10:48
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-05 10:11:41
C:\ComboFix-quarantined-files.txt ... 2007-10-05 10:11
.
--- E O F ---
 
slake1
  • slake1
  • Posty: 147
  • Dołączenie: 22 Lip 2007, 16:01

05 Paź 2007, 15:35

C:\WINDOWS\system32\drivers\U_E3.tmp
C:\WINDOWS\system32\drivers\U_EA.tmp


Pliki przeskanuj na http://virustotal.com i podaj wynik skanowania.

Pokaż log z HijackThis i Silent Runners.
 
macao1
  • macao1
  • Posty: 12
  • Dołączenie: 03 Paź 2007, 22:13

05 Paź 2007, 19:32

Bestand U_E3.tmp ontvangen op 2007.10.05 18:05:32 (CET)
Huidig status: Einde
Resultaat: 0/31 (0%)

Bestand U_EA.tmp ontvangen op 2007.10.05 18:30:17 (CET)
Huidig status: Einde
Resultaat: 0/32 (0%)

To rezultaty skanowania virustotal.
 
macao1
  • macao1
  • Posty: 12
  • Dołączenie: 03 Paź 2007, 22:13

A to logo z HijackThis

05 Paź 2007, 20:00

Logfile of HijackThis v1.99.1
Scan saved at 19:54:59, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn ontvangen bestanden\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Update 3400C] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\Incredimail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 
slake1
  • slake1
  • Posty: 147
  • Dołączenie: 22 Lip 2007, 16:01

05 Paź 2007, 20:23

Przeskanuj jeszcze plik:

O4 - HKLM\..\Run: [Update 3400C] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -


Fix.

Pokaż log z Silent Runners.
 
macao1
  • macao1
  • Posty: 12
  • Dołączenie: 03 Paź 2007, 22:13

05 Paź 2007, 21:50

"I logo z Silent Runnersa"

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"IncrediMail" = "C:\Program Files\Incredimail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" [file not found]
"MoneyAgent" = "C:\Program Files\Microsoft Money\System\Money Express.exe" [MS]
"Magentic" = "C:\PROGRA~1\Magentic\bin\Magentic.exe /c" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"VX3000" = "C:\WINDOWS\vVX3000.exe" [MS]
"Update 3400C" = "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+" ["Hewlett-Packard"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS]
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [null data]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
-> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mijn Gedeelde mappen"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
-> {HKLM...CLSID} = "IMMenuShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Incredimail\bin\ImShExtU.dll" ["IncrediMail, Ltd."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Magentic\Runtime\Magentic Wallpaper.bmp"


Startup items in "Gebruiker" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Microsoft Works Calendar Reminders" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft&reg; Corporation"]
"NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]
"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki dla ochrony WWW"

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Logical Disk Manager Administrative-service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Messenger USN Journal Reader service voor Gedeelde mappen, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]
MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS]
Network Provisioning Service, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
SmartLinkService, SLService, "slserv.exe" ["Smart Link"]
WMI-prestatieadapter, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]


---------- (launch time: 2007-10-05 21:45:08)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 70 seconds, including 18 seconds for message boxes)
Wyślij odpowiedź
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Strona główna