Xavi

Hijackthis


I suspect I have a keylogger; the antivirus didn't detect anything.

Logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:03, on 2008-01-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Clean\Ad Ware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\PnkBstrA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Xfire\Xfire.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\DEVELO~1\Software\Zend\bin\ZENDIE~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Developerka\Software\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Developerka\Software\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\DEVELO~1\Software\Zend\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\DEVELO~1\Software\Zend\bin\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - D:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Clean\Ad Ware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe

--
End of file - 6634 bytes

And Silent Runners:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FDMIECookiesBHO Class"
                   \InProcServer32\(Default) = "D:\Program Files\Free Download Manager\iefdm2.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"
  -> {HKLM...CLSID} = "PSPad"
                   \InProcServer32\(Default) = "C:\DEVELO~1\Software\PSPADE~1\PSPADS~1.DLL" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{F49C55B9-D417-45A1-A6E7-D6E057946280}" = "FdmUplShlExt"
  -> {HKLM...CLSID} = "FdmUplShlExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Free Download Manager\FUM\fumshext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
                   \InProcServer32\(Default) = "D:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
                   \InProcServer32\(Default) = "D:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{30351348-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351347-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134A-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134C-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351346-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351349-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134B-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134D-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134E-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WB\DLLName = "D:\Program Files\AlienGUIse\fastload.dll" ["Stardock"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{30351349-7B7D-4FCC-81B4-1E394CA267EB}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"
  -> {HKLM...CLSID} = "PSPad"
                   \InProcServer32\(Default) = "C:\DEVELO~1\Software\PSPADE~1\PSPADS~1.DLL" [null data]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
WinMerge\(Default) = "{4E716236-AA30-4C65-B225-D68BBA81E9C2}"
  -> {HKLM...CLSID} = "WinMergeShell Class"
                   \InProcServer32\(Default) = "D:\Program Files\WinMerge\ShellExtensionU.dll" [empty string]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
WinMerge\(Default) = "{4E716236-AA30-4C65-B225-D68BBA81E9C2}"
  -> {HKLM...CLSID} = "WinMergeShell Class"
                   \InProcServer32\(Default) = "D:\Program Files\WinMerge\ShellExtensionU.dll" [empty string]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
  -> {HKLM...CLSID} = "TortoiseSVN"
                   \InProcServer32\(Default) = "D:\Program Files\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
FdmUplShlExt\(Default) = "{F49C55B9-D417-45A1-A6E7-D6E057946280}"
  -> {HKLM...CLSID} = "FdmUplShlExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Free Download Manager\FUM\fumshext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoChangeAnimation" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Xavi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Xavi" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\Xavi\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Xfire" -> shortcut to: "D:\Program Files\Xfire\Xfire.exe" ["Xfire Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{95188727-288F-4581-A48D-EAB3BD027314}" = (no title provided)
  -> {HKLM...CLSID} = "Zend Studio"
                   \InProcServer32\(Default) = "C:\DEVELO~1\Software\Zend\bin\ZENDIE~1.DLL" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}\
"ButtonText" = "Zend Studio Toolbar"
"MenuText" = "Zend Studio"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]

{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}\
"ButtonText" = "Upload"
"CLSIDExtension" = "{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}"
  -> {HKLM...CLSID} = "FDMUploadBtnForIe Class"
                   \InProcServer32\(Default) = "D:\Program Files\Free Download Manager\FUM\fumiebtn.dll" [null data]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*v" (unwritable string)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Clean\Ad Ware\aawservice.exe"" ["Lavasoft AB"]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "D:\WINDOWS\System32\PnkBstrA.exe" [null data]
VMware Authorization Service, VMAuthdService, "D:\Program Files\VMware\VMware Player\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "D:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "D:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]
VMware Virtual Mount Manager Extended, vmount2, ""D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"" ["VMware, Inc."]


---------- (launch time: 2008-01-01 11:03:00)

<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.

---------- (total run time: 62 seconds, including 18 seconds for message boxes)
Edited by Xavi
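As an added triage helper (not part of the original post, and not HijackThis's own code): a small Python parser for the HijackThis log format shown above that groups findings by section code and flags the entries a responder would check first, such as a service whose binary is missing or has no recognised owner, and AppInit_DLLs/Winlogon hooks. The sample lines are constructed in that format; the O20 line and the user-writable-directory rule are assumptions added for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis log format. The O2/O4/O23 lines mirror
# entries from the post's log; the O20 line is made up for illustration only.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\System32\smss.exe

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O23 - Service: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")

# Assumed rule: O4 launch points under user-writable/temp folders (English or
# Polish folder names, as seen in the Silent Runners output) deserve a second look.
USER_WRITABLE_RE = re.compile(
    r"\\(Temp|Application Data|Dane aplikacji|Local Settings|Ustawienia lokalne)\\", re.I)


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def triage(code: str, body: str) -> list:
    """Return the review reasons for one entry (an empty list means nothing stood out)."""
    flags = []
    if "(file missing)" in body:
        # Launch point whose binary is gone: an uninstall leftover, or a removed payload.
        flags.append("file missing")
    if code == "O23" and "Unknown owner" in body:
        # HijackThis could not attribute the service binary to a vendor.
        flags.append("unknown service owner")
    if code == "O20":
        # AppInit_DLLs / Winlogon Notify DLLs load into many processes: a classic hook spot.
        flags.append("AppInit_DLLs/Winlogon hook")
    if code == "O4" and USER_WRITABLE_RE.search(body):
        flags.append("runs from user-writable directory")
    return flags


def parse(text: str) -> list:
    """Parse HijackThis-format text into Entry objects, each carrying its triage flags."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"], triage(m["code"], m["body"])))
    return entries


def summary(entries: list) -> dict:
    """Count entries per HijackThis section code."""
    counts = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def review_list(entries: list) -> list:
    """Only the entries worth a first look, as (code, flags, body) tuples in log order."""
    return [(e.code, e.flags, e.body) for e in entries if e.flags]


if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    print(summary(found))
    for code, flags, body in review_list(found):
        print(f"{code}: {', '.join(flags)} :: {body}")
```

A flag is a prompt to verify the file on disk and its publisher, not a verdict; the avast! service line, for example, produces no flag because the vendor is attributed and the binary is present.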


This topic has been closed. No further replies can be added.

