Virus removal

DDS


Another tool from sUBs for running a system scan. Download the little program to your desktop and run it, and you will see a DOS-style window like this:



wait patiently until the log (DDS.txt) pops up, together with this small window:



if you click "No", the program exits with this message:



whereas if you choose "Yes", you get an additional log (Attach.txt):



And this is what the first log looks like, for example (three signs of the so-called Windows Security Center are visible right away):

DDS (Version 1.0) - NTFSx86
Run by xxxxxx at 19:54:58.27 on 16/11/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.766.127 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\GetRight\getright.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\xxxxx\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\dave\Desktop\dds.scr

============== Psuedo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\getright\xx2gr.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [BitComet] "c:\program files\bitlord\BitLord.exe"
uRun: [Antispyware] c:\program files\antispyware\Antispyware.exe -boot
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [C1B.tmp] c:\windows\temp\C1B.tmp
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\getrig~1.lnk - c:\program files\getright\getright.exe
uPolicies-system: DisableTaskMgr = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jr1916~1.0_0\bin\ssv.dll
TCP: {ED5973AF-F337-492D-9BDD-9273F4F194FE} = 85.255.112.108;85.255.112.167
TCP: {F7630AD3-88AB-47A8-8904-55BFBCEDC5FA} = 85.255.112.108;85.255.112.167
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: eNetHook.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20081114.002\IDSvix86.sys
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\SYMNDISV.SYS
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdfgx.exe -srv
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys
S3 WSVD;WSVD;\??\c:\windows\system32\drivers\WSVD.sys

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2008-11-16 19:51 250 ac------ c:\windows\gmer.ini
2008-11-15 19:18 <DIR> -cd----- c:\users\dave\appdata\roaming\Malwarebytes
2008-11-15 19:18 <DIR> -cd----- c:\programdata\Malwarebytes
2008-11-15 19:18 <DIR> -cd----- c:\progra~2\Malwarebytes
2008-11-15 19:07 <DIR> -cd----- c:\users\dave\appdata\roaming\Antispyware
2008-11-15 10:36 <DIR> -cd----- c:\programdata\Grisoft
2008-11-15 10:36 <DIR> -cd----- c:\progra~2\Grisoft
2008-11-15 09:58 318,976 ac------ c:\windows\system32\CF7645.exe
2008-11-13 04:42 <DIR> -cdsh--- C:\$RECYCLE.BIN
2008-11-10 04:01 160 ac------ C:\RPT23432
2008-10-30 10:13 428,544 ac------ c:\windows\system32\EncDec.dll
2008-10-30 10:13 217,088 ac------ c:\windows\system32\psisrndr.ax
2008-10-30 10:13 177,664 ac------ c:\windows\system32\mpg2splt.ax
2008-10-30 10:13 293,376 ac------ c:\windows\system32\psisdecd.dll
2008-10-30 10:13 80,896 ac------ c:\windows\system32\MSNP.ax
2008-10-29 07:52 147,456 ac------ c:\windows\system32\Faultrep.dll
2008-10-29 07:52 125,952 ac------ c:\windows\system32\wersvc.dll
2008-10-29 07:52 443,392 ac------ c:\windows\system32\win32spl.dll
2008-10-28 22:36 823,296 ac------ c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ac------ c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ac------ c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ac------ c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ac------ c:\windows\system32\DivX.dll
2008-10-28 00:29 <DIR> -cd----- c:\program files\WMR11
2008-10-28 00:13 737,280 ac------ c:\windows\iun6002.exe
2008-10-23 19:28 <DIR> -cd----- C:\DVDVideoSoft

==================== Find3M ====================

2008-11-16 19:39 <DIR> -cd----- c:\program files\iMesh Applications
2008-11-16 18:22 <DIR> -cd----- c:\progra~2\Symantec
2008-11-14 18:08 <DIR> -cd----- c:\users\dave\appdata\roaming\iMesh
2008-11-13 03:33 <DIR> -cd----- c:\program files\muvee Technologies
2008-11-12 19:00 <DIR> -cd----- c:\program files\DivX
2008-11-08 19:57 <DIR> -cd----- c:\program files\WinPcap
2008-11-06 22:00 <DIR> -cd----- c:\program files\common files\muvee Technologies
2008-11-04 17:56 <DIR> -cd----- c:\program files\common files\Symantec Shared
2008-11-01 07:36 <DIR> -cd----- c:\program files\Yahoo!
2008-10-23 20:00 <DIR> -cd----- c:\program files\common files\DVDVideoSoft
2008-10-16 17:12 <DIR> -cd----- c:\program files\Windows Lotto Pro 2000
2008-10-15 04:47 <DIR> -cd----- c:\users\dave\appdata\roaming\AVS4YOU
2008-10-15 04:47 <DIR> -cd----- c:\progra~2\AVS4YOU
2008-10-15 04:46 <DIR> -cd----- c:\program files\common files\AVSMedia
2008-10-12 01:28 413,696 ac------ c:\windows\system32\WebRecDLg.dll
2008-10-02 03:49 827,392 ac------ c:\windows\system32\wininet.dll
2008-09-25 08:03 524,288 ac------ c:\windows\system32\DivXsm.exe
2008-09-25 08:03 196,608 ac------ c:\windows\system32\dtu100.dll
2008-09-25 08:03 81,920 ac------ c:\windows\system32\dpl100.dll
2008-09-25 08:03 53,248 ac------ c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 593,920 ac------ c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 344,064 ac------ c:\windows\system32\dpus11.dll
2008-09-25 08:03 57,344 ac------ c:\windows\system32\dpv11.dll
2008-09-25 08:03 294,912 ac------ c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ac------ c:\windows\system32\dpu10.dll
2008-09-25 08:03 161,096 ac------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ac------ c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 1,044,480 ac------ c:\windows\system32\libdivx.dll
2008-09-19 21:55 200,704 ac------ c:\windows\system32\ssldivx.dll
2008-09-19 21:54 12,288 ac------ c:\windows\system32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ac------ c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ac------ c:\windows\system32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ac------ c:\windows\system32\win32k.sys
2008-07-09 11:15 <DIR> -cd----- c:\users\dave\appdata\roaming\Symantec
2007-11-06 18:04 <DIR> -cd----- c:\users\dave\appdata\roaming\STOIK
2007-10-17 22:36 <DIR> -cd----- c:\progra~2\DeskShare
2007-10-14 01:44 <DIR> -cd----- c:\progra~2\NtiDvdCopy
2007-06-27 18:43 <DIR> -cd----- c:\progra~2\Citrix
2007-11-19 18:22 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-11-19 18:22 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-11-19 18:22 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:57:11.36 ===============

and this is what the additional log looks like:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/01/2007 18:49:08
System Uptime: 16/11/2008 19:32:41 (0 hours ago)

Motherboard: Acer |  | Myallm                        
Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | U1 | 2000/800mhz
BIOS: PhoenixBIOS 4.0 Release 6.1      | ACRSYS - 6040000 | V1.14 | 13/12/2006

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 6.289 GiB free.
D: is FIXED (NTFS) - 33 GiB total, 18.883 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01121025&REV_00\4&2AF5D23A&0&3280
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01121025&REV_00\4&2AF5D23A&0&3280
Service:

==== System Restore Points ===================


==== Installed Programs ======================

3 USB Modem
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer OrbiCam
Acer OrbiCam
Acer ScreenSaver
Acer Tour
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
AppCore
Apple Software Update
AutoUpdate
BitLord 1.1
ccCommon
Component Framework
DivX Codec
DivX Converter
DivX Player
DivX Web Player
eMule
FLV Player 1.3.3
GetRight Pro
Google Earth
HDAUDIO Soft Data Fax Modem with SmartCP
iMesh
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Launch Manager
LightScribe  1.4.124.1
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lotto Pro
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (1.5)
Mpeg2Decoder 1.3
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 6.1
muvee coolStyles 1
muvee coolStyles 2
muvee efx stylePack
muvee Halloween stylePack
muvee Hi-Octane stylePack
muvee Photo-Centric stylePack
muvee photoMemories stylePack
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NTI CD & DVD-Maker
NVIDIA Drivers
OpenOffice.org Installer 1.0
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Serif PhotoPlus 6.0
Skype™ 3.8
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
WinPcap 4.0
WinRAR archiver
WM Recorder 12.0

==== Event Viewer Messages ===================


==== End Of File ===========================


...and that is more or less how it looks. You show the logs to someone who knows what they are looking at, and they will give you further instructions.
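A triage helper for reading a DDS.txt log, added here as an example (it is not part of DDS or of sUBs's tooling): it splits the log on its ==== section headers, pulls the image path out of each running-process, autorun and service entry, and flags what an analyst checks first: images launched from a temp directory, a .tmp file being executed, auto-start services running their own executable, DNS resolvers that differ from the expected ones, and a populated AppInit_DLLs value. The sample log is a constructed excerpt in the layout of the DDS.txt shown above, and expected_dns is an assumed parameter that the caller fills with the resolvers the machine should actually be using.

```python
"""Triage helper for a DDS.txt log: split it into its ===== sections, pull structured
entries out of the sections that matter for persistence review, and flag the patterns
an analyst checks first. Added example; not part of the DDS tool."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section entry reason")

# Constructed excerpt laid out like the DDS.txt shown above (a few lines per section).
SAMPLE_DDS_LOG = r"""
DDS (Version 1.0) - NTFSx86

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\xxxxx\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\dave\Desktop\dds.scr

============== Psuedo HJT Report ===============

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Antispyware] c:\program files\antispyware\Antispyware.exe -boot
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [C1B.tmp] c:\windows\temp\C1B.tmp
TCP: {ED5973AF-F337-492D-9BDD-9273F4F194FE} = 85.255.112.108;85.255.112.167
AppInit_DLLs: eNetHook.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\symantec\IDSvix86.sys
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdfgx.exe -srv
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys

============= FINISH: 19:57:11.36 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A drive-letter path ending in an executable-ish extension, stopping at a quote, space or comma.
PATH_RE = re.compile(r'([a-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|sys|tmp|ax))(?=["\s,]|$)', re.I)
RUN_RE = re.compile(r"^[um]Run: \[[^\]]*\]\s*(.*)$")
# "R2 name;display;image": R = running, S = stopped; start type 2 = automatic start.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")
TCP_RE = re.compile(r"^TCP: \{[0-9A-F-]+\} = (.+)$", re.I)


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def image_path(entry):
    """Lower-cased image path inside an entry, or None when no absolute path is present."""
    m = PATH_RE.search(entry)
    return m.group(1).lower() if m else None


def path_reasons(path):
    """Location-based review prompts for one image path."""
    reasons = []
    if path and "\\temp\\" in path:
        reasons.append("image runs from a temp directory")
    if path and path.endswith(".tmp"):
        reasons.append("a .tmp file is being executed")
    return reasons


def review(text, expected_dns=()):
    """Return Findings for the entries an analyst reviews first. expected_dns (assumed
    parameter) holds the resolvers the machine should be using, e.g. its ISP's."""
    sections = split_sections(text)
    findings = []
    for entry in sections.get("Running Processes", []):
        findings += [Finding("process", entry, r) for r in path_reasons(image_path(entry))]
    for entry in sections.get("Psuedo HJT Report", []):  # DDS's own spelling of the header
        tcp = TCP_RE.match(entry)
        if RUN_RE.match(entry):
            findings += [Finding("autorun", entry, r) for r in path_reasons(image_path(entry))]
        elif tcp:
            servers = [s.strip() for s in tcp.group(1).split(";") if s.strip()]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(Finding("dns", entry, "resolver not in the expected set: " + ", ".join(unexpected)))
        elif entry.startswith("AppInit_DLLs:") and entry.split(":", 1)[1].strip():
            findings.append(Finding("appinit", entry, "AppInit_DLLs loads the DLL into every process that uses user32; verify its vendor"))
    for entry in sections.get("SERVICES / DRIVERS", []):
        svc = SERVICE_RE.match(entry)
        if not svc:
            continue
        path = image_path(svc.group(5))
        findings += [Finding("service", entry, r) for r in path_reasons(path)]
        if svc.group(2) == "2" and path and path.endswith(".exe") and "\\drivers\\" not in path:
            findings.append(Finding("service", entry, "auto-start service running its own executable; verify publisher and path"))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_DDS_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

The flags are review prompts, not verdicts: a legitimate auto-start service from a third-party vendor also lands on the list, and the point is only to shorten what the analyst reads by hand before asking for the next step.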
