Gość utworzono 16 listopada 2007 utworzono 16 listopada 2007 oto log z HijackThisa ,, nie wiem co się stało ale mój komp chodzi ok. 15 razy wolniej nawet sie zacina podcza pisania tego tematu bo za szybko pisze , wlasnie robie skana kasperskym, zobaczymy ,moze to jakis wirus , narazie prosze o sprawdzenie loga , PS:ta stronka zawsze wchodzila mi w góra 3 sekund , teraz 28! zaraz wybuchne... Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:37:14, on 2007-11-17Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\tcpsvcs.exeC:\WINDOWS\system32\mqsvc.exeC:\WINDOWS\system32\mqtgsvc.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Winamp5,5\winamp.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\explorer.exeC:\Program Files\FlashGet\flashget.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\MotoMidMan\MotoMidMan_0.38PL\MotoMidMan.exeC:\WINDOWS\system32\cidaemon.exeC:\Program Files\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dllO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [P2kAutostart] V493O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe--End of file - 7053 bytes SilentRunners "Silent Runners.vbs", revision 52, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows ® Server 2003 DDK provider"]"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"MsmqIntCert" = "regsvr32 /s mqrt.dll" [MS]"bpk" = "C:\WINDOWS\system32\bpk.exe" [null data]"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer" \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = (no title provided) -> {HKLM...CLSID} = "Skype add-on (mastermind)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch" -> {HKLM...CLSID} = "FGCatchUrl" \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]{75787F5C-BAC4-926A-E694-B76EFBE898ED}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\zsdssdqu.dll" [null data]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashGet GetFlash Class" \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension" -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension" \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW" -> {HKLM...CLSID} = "Statystyki dla ochrony WWW" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play" -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play" \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided) -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension" \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}" -> {HKLM...CLSID} = "DaemonShellExtImage Class" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Pro\imgshl32.dll" ["DT Soft Ltd."]Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoInstrumentation" = (REG_DWORD) hex:0x00000001{unrecognized setting}HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Startup items in "Użytkownik" & "All Users" startup folders:------------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]Enabled Scheduled Tasks:------------------------"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" [file not found]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]000000000006\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]Explorer BarsHKLM\Software\Microsoft\Internet Explorer\Explorer Bars\HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\"ButtonText" = "Statystyki dla ochrony WWW"{77BF5300-1474-4EC7-9980-D32B190E9B07}\"ButtonText" = "Skype""CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}" -> {HKLM...CLSID} = "Skype add-on (button)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]{CCA281CA-C863-46EF-9331-5C8D4460577F}\"ButtonText" = "@btrez.dll,-4015""MenuText" = "@btrez.dll,-12650""Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\"ButtonText" = "FlashGet""MenuText" = "FlashGet""Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKLM\Software\Microsoft\Internet Explorer\AboutURLs\<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]Message Queuing, MSMQ, "C:\WINDOWS\system32\mqsvc.exe" [MS]Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS\system32\mqtgsvc.exe" [MS]nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Odbiornik RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}Usługi Simple TCP/IP, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]---------- (launch time: 2007-11-17 08:25:20)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.---------- (total run time: 72 seconds, including 18 seconds for message boxes)
GoBi komentarz 17 listopada 2007 komentarz 17 listopada 2007 Czy to twój keylogger świadomie zaintalowany ? bo masz keylogger'a.....
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 hmm... ja go tam nie wrzucałem ! , zaraz wrzuce log z SilentRunners i podajcie mi logi do skasowania wogule jakos ostatnio syfi mi sie komp a mam Kasperskiego 7.0.125 ...
GoBi komentarz 17 listopada 2007 komentarz 17 listopada 2007 Skasuj pogrubione pliki w trybie awaryjnym i wyłącz przywracanie systemu na ten czas: C:\WINDOWS\system32\bpk.exeO2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html Nastepnie wejdz na http://www.virustotal.com/ I wyślji ten plik C:\WINDOWS\system32\zsdssdqu.dll
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 http://www.virustotal.com/ wykozaczona stronka, skanuje plik wieloma antywirusami .dokładnie to 32-oma , moj wynik to 13/32.40,63% ze to wirus , co ? kasować?
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 File zsdssdqu.dll received on 11.17.2007 09:34:25 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 13/32 (40.63%) AhnLab-V3 2007.11.17.0 2007.11.16 - AntiVir 7.6.0.34 2007.11.16 ADSPY/PuritySc.CG.2 Authentium 4.93.8 2007.11.17 - Avast 4.7.1074.0 2007.11.16 Win32:Agent-RY AVG 7.5.0.503 2007.11.17 Adware Generic2.SUO BitDefender 7.2 2007.11.17 - CAT-QuickHeal 9.00 2007.11.16 - ClamAV 0.91.2 2007.11.17 - DrWeb 4.44.0.09170 2007.11.17 - eSafe 7.0.15.0 2007.11.14 Spyware.Purityscan eTrust-Vet 31.2.5302 2007.11.17 - Ewido 4.0 2007.11.16 - FileAdvisor 1 2007.11.17 Low threat detected Fortinet 3.11.0.0 2007.10.19 - F-Prot 4.4.2.54 2007.11.16 - F-Secure 6.70.13030.0 2007.11.16 - Ikarus T3.1.1.12 2007.11.17 not-a-virus:AdWare.Win32.PurityScan.ak Kaspersky 7.0.0.125 2007.11.17 - McAfee 5165 2007.11.16 - Microsoft 1.3007 2007.11.17 Spyware:Win32/MediaTicketsCDT NOD32v2 2665 2007.11.17 probably a variant of Win32/Adware.PurityScan Norman 5.80.02 2007.11.16 - Panda 9.0.0.4 2007.11.17 Adware/PurityScan Prevx1 V2 2007.11.17 - Rising 20.18.50.00 2007.11.17 - Sophos 4.23.0 2007.11.17 ClickSpring Sunbelt 2.2.907.0 2007.11.17 ClickSpring.PuritySCAN Symantec 10 2007.11.17 Adware.Purityscan TheHacker 6.2.9.132 2007.11.16 - VBA32 3.12.2.5 2007.11.16 - VirusBuster 4.3.26:9 2007.11.16 - Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyw
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 Po skasowaniu wpisu tego pliku już tam nie było , - czy Hijackthis go skasował? Przeszłem ten temat o optymalizacji sytemu autorstwa CatchMe i no i komp przyśpieszył, dzięki wam , dla Gobi i CatchMe
GoBi komentarz 17 listopada 2007 komentarz 17 listopada 2007 Plik musisz skasować ręcznie... jesli nie bedzie szło normalnie użyj killbox'a
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 ok , temat rozwiązany , wszytko wróciło do normy , jeszcze raz THX Gobi
agresja komentarz 17 listopada 2007 komentarz 17 listopada 2007 BlazingTools "Perfect Keylogger" instalowałeś to sam ? Ten program , może przynieść za sobą nie pożądane skutki jeżeli nie potrafisz się nim obsługiwać....
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 nie nie sam , a jest on w wpisach podanych przez Gobi? bo jesli go nie skasowalem to prosze o podanie wpisu do skasowania bo nie chce miec keyloggerow , bo ktos je mi wrzucil (pewnie z czyms sciagnelem ...) PS: wlasnie wyslalem na ta stronke http://www.virustotal.com/ plik systemowy C:\WINDOWS\system32\bpk.exe a to ten keylogger... ok skasuje, mam jeszcze jakiegos syfa w kompie ????
agresja komentarz 17 listopada 2007 komentarz 17 listopada 2007 mam jeszcze jakiegos syfa w kompie ???? Dla pewności wklej jeszcze nowego loga z HijackThis. Na przyszłość polecam Ewido Anti Spyware v 4.0.0.171.b bardzo dobry program do usuwania wszelkiego rodzaju malware (spyware, adware, trojany, robaki, dialery, keyloggery i wiele innych szkodników). Zresztą zrobię Wam porządny poradnik ,jak i czym pozbywać się takiego świństwa - przyda się nie jednemu - i mam nadzieję że któryś z moderatorów przyklei go w dziale Bezpieczeństwo , niedługo dam odpowiednie materiały ...
Gość komentarz 17 listopada 2007 komentarz 17 listopada 2007 ok log uaktualniony Zresztą zrobię Wam porządny poradnik nie mooge sie doczekać , kaby był naprawde dobry to powinieneś być mianowany na PRZYJACIEL'a forum PS: Ja mam Ad-ware SE Profesional od takich wirusów ale sprawdze tego AVG
GoBi komentarz 17 listopada 2007 komentarz 17 listopada 2007 Zresztą zrobię Wam porządny poradnik ,jak i czym pozbywać się takiego świństwa Zapraszam do FAQ, tam załóż ten temacik... pozdrawiam
agresja komentarz 17 listopada 2007 komentarz 17 listopada 2007 ok log uaktualniony Czyściutko . Ps. GoBi ,to będzie typowo o bezpieczeństwie , więc warto żeby był w tym dziale , ułatwi to każdemu sprawę. W FAQ' będzie się marnował , zresztą jak go skończę to sam zrozumiesz Pozdrawiam.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.