x-kom hosting

[solved] Please check my log

Guest (original post)

Here is the log from HijackThis. I don't know what happened, but my PC is running about 15 times slower; it even freezes while I'm typing this post because I type too fast. I'm running a Kaspersky scan right now, we'll see, maybe it's some virus. For now, please check the log.

PS: this site always loaded for me in 3 seconds at most, now it takes 28! I'm about to explode...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:14, on 2007-11-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Winamp5,5\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MotoMidMan\MotoMidMan_0.38PL\MotoMidMan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [P2kAutostart] V493
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7053 bytes

SilentRunners

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows ® Server 2003 DDK provider"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"MsmqIntCert" = "regsvr32 /s mqrt.dll" [MS]
"bpk" = "C:\WINDOWS\system32\bpk.exe" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
                                        \StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
  -> {HKLM...CLSID} = "FGCatchUrl"
                   \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{75787F5C-BAC4-926A-E694-B76EFBE898ED}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\zsdssdqu.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
                   \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashGet GetFlash Class"
                   \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
  -> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}"
  -> {HKLM...CLSID} = "DaemonShellExtImage Class"
                   \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Pro\imgshl32.dll" ["DT Soft Ltd."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoInstrumentation" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Użytkownik" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki dla ochrony WWW"

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
Message Queuing, MSMQ, "C:\WINDOWS\system32\mqsvc.exe" [MS]
Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS\system32\mqtgsvc.exe" [MS]
nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Odbiornik RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Usługi Simple TCP/IP, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]


---------- (launch time: 2007-11-17 08:25:20)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 72 seconds, including 18 seconds for message boxes)

GoBi

Is that your keylogger, installed knowingly? Because you do have a keylogger.....

Guest

hmm... I didn't put it there! I'll post the SilentRunners log in a moment, then give me the entries to delete :respect: my PC has been getting junked up lately anyway :( and I have Kaspersky 7.0.125 ...

GoBi

Delete the bolded files in safe mode and disable System Restore for the duration:

C:\WINDOWS\system32\bpk.exe

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Then go to http://www.virustotal.com/

and submit this file

C:\WINDOWS\system32\zsdssdqu.dll
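
The entries GoBi singles out share two traits that can be checked mechanically rather than by eye: Silent Runners prints `[null data]` when a binary carries no version or company information, and HijackThis prints `(file missing)` for an orphaned entry. The triage script below is an added example, not part of this thread or of either tool; it runs over a constructed handful of lines in both formats (modelled on the ones posted here) and flags a `[null data]` binary living in a Windows system directory as high severity, an orphan entry as low severity, and adds a note when a flagged file name is a long run of consonants, as `zsdssdqu.dll` is. The path regex, the severity labels and the "machine-generated name" heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the HijackThis (O2/O4) and Silent Runners formats,
# modelled on the entries discussed in this thread; not a real log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
"bpk" = "C:\WINDOWS\system32\bpk.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
\InProcServer32\(Default) = "C:\WINDOWS\system32\zsdssdqu.dll" [null data]
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"""


@dataclass
class Finding:
    line: str
    path: str
    severity: str  # "high" or "low" (labels assumed for this example)
    reason: str


# First drive-letter path ending in .exe/.dll on the line (assumed shape).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]()]*?\.(?:exe|dll))', re.IGNORECASE)
# Silent Runners publisher tag at end of line: [MS], [null data] or ["Company"].
VENDOR_RE = re.compile(r'\[(null data|MS|"[^"]*")\]\s*$')
# Directories where an unidentified binary deserves a closer look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def looks_random(stem: str) -> bool:
    """Heuristic (assumed): 6+ letters with a run of 5+ consonants."""
    s = stem.lower()
    return len(s) >= 6 and s.isalpha() and re.search(r"[^aeiouy]{5,}", s) is not None


def triage(log_text: str) -> List[Finding]:
    """Return findings for orphan entries and unidentified system-dir binaries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PATH_RE.search(line)
        if not line or not m:
            continue  # lines without a drive-letter path are skipped
        path = m.group(1)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if "(file missing)" in line:
            findings.append(Finding(line, path, "low",
                                    "orphan entry: referenced file is missing; remove the entry"))
            continue
        vendor = VENDOR_RE.search(line)
        if vendor and vendor.group(1) == "null data" and path.lower().startswith(SYSTEM_DIRS):
            reason = "no version/company data for a binary in a Windows system directory"
            if looks_random(stem):
                reason += "; filename looks machine-generated"
            findings.append(Finding(line, path, "high",
                                    reason + "; submit for scanning before removal"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.path}: {f.reason}")
```

Entries with a recognised publisher (`[MS]`, `["NVIDIA Corporation"]`) are deliberately left alone even when they sit in system32, which is why `NvCpl.dll` and `nvshell.dll` produce nothing; the point is to surface the few lines worth a second look, not to replace the scan that GoBi asks for.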

Guest

Awesome site, it scans the file with lots of antivirus engines, 32 to be exact. My result is 13/32, 40.63% that it's a virus. So what, delete it?

GoBi

Copy the report and paste it here

Guest

File zsdssdqu.dll received on 11.17.2007 09:34:25 (CET)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 13/32 (40.63%)

AhnLab-V3 2007.11.17.0 2007.11.16 -
AntiVir 7.6.0.34 2007.11.16 ADSPY/PuritySc.CG.2
Authentium 4.93.8 2007.11.17 -
Avast 4.7.1074.0 2007.11.16 Win32:Agent-RY
AVG 7.5.0.503 2007.11.17 Adware Generic2.SUO
BitDefender 7.2 2007.11.17 -
CAT-QuickHeal 9.00 2007.11.16 -
ClamAV 0.91.2 2007.11.17 -
DrWeb 4.44.0.09170 2007.11.17 -
eSafe 7.0.15.0 2007.11.14 Spyware.Purityscan
eTrust-Vet 31.2.5302 2007.11.17 -
Ewido 4.0 2007.11.16 -
FileAdvisor 1 2007.11.17 Low threat detected
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.16 -
F-Secure 6.70.13030.0 2007.11.16 -
Ikarus T3.1.1.12 2007.11.17 not-a-virus:AdWare.Win32.PurityScan.ak
Kaspersky 7.0.0.125 2007.11.17 -
McAfee 5165 2007.11.16 -
Microsoft 1.3007 2007.11.17 Spyware:Win32/MediaTicketsCDT
NOD32v2 2665 2007.11.17 probably a variant of Win32/Adware.PurityScan
Norman 5.80.02 2007.11.16 -
Panda 9.0.0.4 2007.11.17 Adware/PurityScan
Prevx1 V2 2007.11.17 -
Rising 20.18.50.00 2007.11.17 -
Sophos 4.23.0 2007.11.17 ClickSpring
Sunbelt 2.2.907.0 2007.11.17 ClickSpring.PuritySCAN
Symantec 10 2007.11.17 Adware.Purityscan
TheHacker 6.2.9.132 2007.11.16 -
VBA32 3.12.2.5 2007.11.16 -
VirusBuster 4.3.26:9 2007.11.16 -
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyw
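The report above is more informative than its headline ratio: several engines that do detect the file agree on one adware family, while the engines that miss it (including the Kaspersky 7 installed on this machine) simply have no signature yet. The parser below is an added example, not code from this thread or from VirusTotal; it reads engine lines in the same "engine version date result" shape, counts detections, reproduces the percentage the way the report rounds it (13/32 gives 40.63), and tallies family names via a small alias table. The constructed input is a ten-line subset of the report above, and the alias table (`purity`, `clickspring`) is this example's own assumption.

```python
import math
from collections import Counter
from typing import Dict, List, Tuple

# Constructed subset of the engine lines in the VirusTotal report above.
VT_REPORT = """\
AntiVir 7.6.0.34 2007.11.16 ADSPY/PuritySc.CG.2
Avast 4.7.1074.0 2007.11.16 Win32:Agent-RY
BitDefender 7.2 2007.11.17 -
FileAdvisor 1 2007.11.17 Low threat detected
Kaspersky 7.0.0.125 2007.11.17 -
Microsoft 1.3007 2007.11.17 Spyware:Win32/MediaTicketsCDT
NOD32v2 2665 2007.11.17 probably a variant of Win32/Adware.PurityScan
Sophos 4.23.0 2007.11.17 ClickSpring
Sunbelt 2.2.907.0 2007.11.17 ClickSpring.PuritySCAN
Symantec 10 2007.11.17 Adware.Purityscan
"""

# Assumed alias table: substring of a vendor label -> family name to tally.
FAMILY_ALIASES = {"purity": "PurityScan", "clickspring": "ClickSpring"}


def parse_report(text: str) -> List[Tuple[str, str, str, str]]:
    """Split each line into (engine, version, date, result); '-' means no detection."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # headers, blank lines and anything else are ignored
        engine, version, date, *rest = parts
        rows.append((engine, version, date, " ".join(rest)))
    return rows


def detection_ratio(hits: int, total: int) -> float:
    """Percentage rounded half-up to two decimals, as the report displays it."""
    if total == 0:
        return 0.0
    return math.floor(100.0 * hits / total * 100 + 0.5) / 100


def summarize(text: str) -> Dict[str, object]:
    rows = parse_report(text)
    hits = [(engine, result) for engine, _, _, result in rows if result != "-"]
    families: Counter = Counter()
    unclassified: List[str] = []
    for engine, result in hits:
        matched = [fam for key, fam in FAMILY_ALIASES.items() if key in result.lower()]
        if matched:
            families.update(matched)  # one label may name two aliases
        else:
            unclassified.append(engine)
    return {
        "total": len(rows),
        "detections": len(hits),
        "ratio_pct": detection_ratio(len(hits), len(rows)),
        "families": dict(families),
        "consensus": families.most_common(1)[0][0] if families else None,
        "unclassified": unclassified,
    }


if __name__ == "__main__":
    for key, value in summarize(VT_REPORT).items():
        print(f"{key}: {value}")
```

A consensus family across independent engines is stronger evidence than the raw ratio, and the `unclassified` list shows which vendors used a generic name (`Agent`, `Low threat detected`) rather than disagreeing about what the file is.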

GoBi

Delete the entry and the file...

Guest

After deleting the entry the file wasn't there anymore; did HijackThis delete it? I went through that system optimization thread by CatchMe and the PC got faster. Thanks guys, :respect: to GoBi and CatchMe :respect:

GoBi

You have to delete the file manually... if it won't go the normal way, use Killbox

Guest

ok, problem solved, everything is back to normal, thanks again GoBi

agresja

BlazingTools "Perfect Keylogger", did you install that yourself?

That program can have unwanted consequences if you don't know how to handle it....

Guest

no, not myself. Is it among the entries GoBi listed? Because if I haven't deleted it, please give me the entry to delete, because I don't want keyloggers; somebody dropped it on me (probably I downloaded it along with something...)

PS: I've just submitted the system file C:\WINDOWS\system32\bpk.exe to http://www.virustotal.com/ and it is that keylogger... ok, I'll delete it. Do I have any other junk on my PC????

agresja

> Do I have any other junk on my PC????

To be sure, paste a fresh HijackThis log.

For the future I recommend Ewido Anti Spyware v 4.0.0.171.b, a very good program for removing all kinds of malware (spyware, adware, trojans, worms, dialers, keyloggers and many other pests).

Anyway, I'll write you a proper guide on how and with what to get rid of this kind of filth; it will be useful to more than one person, and I hope one of the moderators will pin it in the Security section. I'll post the relevant material soon...

Guest

ok, log updated

> Anyway, I'll write you a proper guide

can't wait; if it's really good you should be named FRIEND of the forum :P

PS: I have Ad-Aware SE Professional for viruses like that, but I'll check out that AVG

GoBi

> Anyway, I'll write you a proper guide on how and with what to get rid of this kind of filth

Head over to the FAQ and start that thread there... :) regards

agresja

> ok, log updated

All clean.

PS. GoBi, it's going to be strictly about security, so it's worth having it in that section; it will make things easier for everyone.

In the FAQ it would go to waste; anyway, once I finish it you'll see for yourself :D

Regards.
