Static.reverse.ltdomains.com

Conti · 13 Stycznia 2008

49.116.232.72.static.reverse.ltdomains.com

Przy starcie systemu IE7 chce natychmiast łączyć się z w/w stroną. A w zasadzie to svhost poprzez IE7 chce to robić. Dla niego problem w tym, że neo mam ustawione na ręczne połączeni a poza tym IE7 jest zablokowany w Kerio.

Szkody to nie robi, poza tym, że jak na razie jest upierdliwe.

Przeskanowałem kompa różnymi programami anty * - nic nie znalazły.

W autostarcie nic nie ma, W startup manager jedyny wpis, którego nie bardzo wiem do czego przypisać to "apaches" Target: "C:\WINDOWS\svhost.exe"

Może ktoś miał już z czymś takim do czynienia i zna receptę ??

Kolobos · 13 Stycznia 2008

Recepta to usuniecie trojanow. Daj logi z hijackthis oraz combofix.

Conti · 13 Stycznia 2008

Po przeskanowaniu ComboFixem wygląda na to, że problem z IE ustąpił. Ciekawe.

Logi z programów

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:56:27, on 2008-01-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

D:\Programy\AutoConnect\AutoConnect.exe

C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

C:\Program Files\The Bat!\thebat.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Konrad\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {B5A83A59-8BE9-471F-80B1-EA6EE5F22189} - C:\WINDOWS\system32\cbxurrp.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [apaches] C:\WINDOWS\svhost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194903622828

O17 - HKLM\System\CCS\Services\Tcpip\..\{F17350DD-C1C3-42EB-B48C-B522F445BFE1}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: cbxurrp - C:\WINDOWS\SYSTEM32\cbxurrp.dll

O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

--

End of file - 6593 bytes

Combofix przeskanował, zrestartował kompa i ....

ComboFix 08-01-13.1 - Konrad 2008-01-13 17:14:46.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1630 [GMT 1:00]

Running from: C:\Documents and Settings\Konrad\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\cbxurrp.dll

.

---- Previous Run -------

.

C:\WINDOWS\svhost.exe

C:\WINDOWS\system32\prsgrc.dll

C:\WINDOWS\system32\ssprs.dll

C:\WINDOWS\system32\winzdn32.dll

.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

2008-01-13 17:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-13 10:16 . 2008-01-13 10:16 <DIR> d-------- C:\Program Files\Advanced System Optimizer

2008-01-13 10:16 . 2008-01-13 10:16 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Systweak

2008-01-12 16:48 . 2008-01-12 16:48 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Sony

2008-01-12 16:48 . 2008-01-12 16:48 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Publish Providers

2008-01-12 16:46 . 2008-01-13 11:42 <DIR> d-------- C:\Program Files\Sony

2008-01-12 16:45 . 2008-01-12 16:45 <DIR> d-------- C:\Program Files\Sony Setup

2008-01-12 13:58 . 2008-01-12 14:22 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Ulead Systems

2008-01-12 13:57 . 2008-01-12 13:57 <DIR> d-------- C:\Program Files\Common Files\InterVideo

2008-01-12 13:56 . 2008-01-12 13:56 <DIR> d-------- C:\Program Files\Windows Media Components

2008-01-12 13:55 . 2008-01-13 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems

2008-01-09 21:47 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-01-07 19:42 . 2008-01-07 19:42 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\onOne Software

2008-01-07 19:41 . 2008-01-07 19:42 <DIR> d-------- C:\Program Files\onOne Software

2008-01-07 17:04 . 2008-01-07 17:04 252 --a------ C:\WINDOWS\phedit.ini

2008-01-07 16:57 . 2008-01-07 17:06 <DIR> d-------- C:\Program Files\VCW VicMan's Photo Editor

2008-01-07 16:16 . 2008-01-07 16:19 <DIR> d-------- C:\Program Files\XnView

2008-01-07 16:16 . 2008-01-07 16:34 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\XnView

2008-01-06 19:32 . 2008-01-06 19:33 <DIR> d-------- C:\Program Files\GIMP-2.0

2008-01-06 16:50 . 2008-01-06 16:55 161,672 --a------ C:\WINDOWS\IMG_0830x.jpg

2008-01-06 16:12 . 2008-01-06 16:12 <DIR> d-------- C:\Program Files\Alien Skin

2008-01-06 13:38 . 2008-01-06 13:38 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\AKVIS LLC

2008-01-06 13:12 . 2008-01-06 13:12 <DIR> d-------- C:\Program Files\New Folder

2008-01-06 13:12 . 2008-01-06 16:23 <DIR> d-------- C:\Program Files\AkVis

2008-01-06 12:52 . 2008-01-06 15:35 <DIR> d-------- C:\Program Files\Plug-Ins

2008-01-06 12:17 . 2008-01-06 12:28 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Ashampoo Photo Commander 4

2008-01-06 12:16 . 2008-01-06 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

2008-01-06 11:01 . 2008-01-06 11:01 <DIR> d-------- C:\Program Files\Anti Red Eye

2008-01-06 00:47 . 2008-01-06 00:47 <DIR> d-------- C:\Program Files\Serif

2008-01-06 00:47 . 2008-01-06 00:47 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Serif

2008-01-06 00:47 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\pcdlib32.dll

2008-01-06 00:21 . 2008-01-06 00:21 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\FastStone

2008-01-06 00:20 . 2008-01-06 00:20 <DIR> d-------- C:\Program Files\Seagrand

2008-01-06 00:13 . 2008-01-07 17:08 <DIR> d-------- C:\Program Files\Photobie

2008-01-05 21:00 . 2008-01-05 21:00 <DIR> d-------- C:\Program Files\DCEnhancer

2008-01-05 20:26 . 1996-10-30 09:35 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL

2008-01-05 16:40 . 2008-01-05 16:40 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Imagenomic

2008-01-05 16:38 . 2008-01-05 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\VertusTech

2008-01-05 16:38 . 2008-01-05 16:38 1,024 --a------ C:\WINDOWS\system32\nwd5808.tgz

2008-01-05 16:25 . 2008-01-07 19:55 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Alien Skin

2008-01-04 18:11 . 2008-01-04 18:12 <DIR> d-------- C:\Program Files\Ultra Video Converter

2008-01-04 18:11 . 2003-09-21 07:09 794,624 --a------ C:\WINDOWS\system32\mpgfiltr.ax

2008-01-04 18:11 . 2004-05-26 14:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax

2008-01-04 18:11 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax

2008-01-01 15:41 . 2008-01-01 15:41 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-01-01 15:41 . 2008-01-01 15:41 <DIR> d-------- C:\Program Files\Futuremark

2008-01-01 15:41 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-01-01 15:41 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-01-01 15:41 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-01-01 15:41 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2007-12-31 16:52 . 2008-01-07 18:48 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Zoner

2007-12-31 16:50 . 2008-01-08 19:29 <DIR> d-------- C:\Program Files\Zoner

2007-12-30 00:51 . 2008-01-06 19:47 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\gtk-2.0

2007-12-30 00:51 . 2007-12-30 00:51 <DIR> d-------- C:\Documents and Settings\Konrad\.thumbnails

2007-12-30 00:49 . 2008-01-06 19:49 <DIR> d-------- C:\Documents and Settings\Konrad\.gimp-2.4

2007-12-29 19:06 . 2007-12-29 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser

2007-12-26 13:25 . 2007-12-29 19:05 <DIR> d-------- C:\Program Files\Common Files\Canon

2007-12-26 13:25 . 2007-12-26 13:25 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\ZoomBrowser EX

2007-12-25 12:23 . 2007-12-25 12:24 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

2007-12-25 11:35 . 2007-12-31 17:57 104 --a------ C:\WINDOWS\VplayerINI.vpl

2007-12-25 11:34 . 2007-12-31 17:57 1,196 --a------ C:\WINDOWS\VPlayer.INI

2007-12-25 11:10 . 2007-12-25 11:10 <DIR> d-------- C:\Program Files\Google

2007-12-25 11:10 . 2008-01-07 15:49 30,224 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-12-25 11:09 . 2007-12-26 11:37 <DIR> d-------- C:\Program Files\Picasa2

2007-12-24 22:32 . 2007-12-24 22:33 <DIR> d-------- C:\Program Files\Opera

2007-12-22 12:03 . 2007-12-22 16:24 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Thinstall

2007-12-21 09:57 . 2007-12-21 09:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData

2007-12-21 00:50 . 2007-12-21 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

2007-12-21 00:49 . 2007-12-21 00:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2007-12-20 21:05 . 2007-12-20 21:05 <DIR> d-------- C:\Program Files\Executive Software

2007-12-20 00:02 . 2007-12-20 00:02 37,888 --a------ C:\WINDOWS\system32\setupnt.dll

2007-12-19 23:47 . 2007-12-20 00:06 <DIR> d-------- C:\Program Files\Common Files\Acronis

2007-12-19 23:47 . 2007-12-19 23:47 97,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys

2007-12-19 00:13 . 2007-12-19 00:13 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\BinarySense

2007-12-19 00:11 . 2007-12-27 19:05 <DIR> d-------- C:\Program Files\Common Files\BinarySense

2007-12-19 00:11 . 2008-01-06 13:58 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2007-12-15 19:16 . 2007-12-15 19:16 <DIR> d-------- C:\WINDOWS\ForceASPI

2007-12-15 19:16 . 2007-12-15 19:15 720,896 --a------ C:\WINDOWS\iun6002.exe

2007-12-13 23:01 . 2007-12-13 23:01 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\CyberLink

2007-12-13 16:21 . 2007-12-13 16:21 <DIR> d-------- C:\Program Files\LD-Anime

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 10:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-13 09:45 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-06 10:15 --------- d-----w C:\Program Files\IrfanView

2008-01-05 19:38 --------- d-----w C:\Program Files\Paint.NET

2007-12-29 18:07 --------- d-----w C:\Program Files\Canon

2007-12-26 11:02 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-23 18:42 --------- d-----w C:\Program Files\AIMP2

2007-12-17 14:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-12-11 14:49 --------- d-----w C:\Program Files\Microsoft IntelliPoint

2007-11-27 15:53 --------- d-----w C:\Program Files\Paragon Software

2007-11-24 20:48 --------- d-----w C:\Program Files\Defraggler

2007-11-24 18:48 --------- d-----w C:\Documents and Settings\Konrad\Dane aplikacji\Pixmantec

2007-11-18 14:49 --------- d-----w C:\Documents and Settings\Konrad\Dane aplikacji\IrfanView

2007-11-17 19:15 --------- d-----w C:\Documents and Settings\Konrad\Dane aplikacji\Media Player Classic

2007-11-17 19:13 --------- d-----w C:\Program Files\Real Alternative

2007-11-15 23:24 --------- d-----w C:\Documents and Settings\Konrad\Dane aplikacji\Gadu-Gadu

2007-11-14 08:23 --------- d-----w C:\Documents and Settings\Konrad\Dane aplikacji\JGsoft

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-13 00:14 --------- d-----w C:\Program Files\UltraISO

2007-11-13 00:14 --------- d-----w C:\Program Files\Common Files\EZB Systems

2007-11-13 00:12 --------- d-----w C:\Program Files\UltraISO2

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:56 919280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]

"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]

"NWEReboot"="" []

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-13 00:23 949376]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]

"apaches"="C:\WINDOWS\svhost.exe" [ ]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-05-30 18:44]

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 17:17:58

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Program Files\Eset\pr_imon.dll

.

Completion time: 2008-01-13 17:19:54 - machine was rebooted [Konrad]

ComboFix-quarantined-files.txt 2008-01-13 16:19:45

.

2008-01-09 11:36:40 --- E O F ---

-------------------------------------------------------

Po przeskanowaniu ComboFixem wygląda na to, że problem z IE ustąpił. Ciekawe.

-------------------------------------------------------

Dziękuję

Edytowane 13 Stycznia 2008 przez Conti

kfgz · 13 Stycznia 2008

O20 - Winlogon Notify: cbxurrp - C:\WINDOWS\SYSTEM32\cbxurrp.dll

O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

Do kasacji.

Conti · 13 Stycznia 2008

Log z hijack po przeskanowaniu Combofix

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:41, on 2008-01-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Programy\AutoConnect\AutoConnect.exe

C:\Program Files\The Bat!\thebat.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

I:\_download_\AvFw\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe