Ville utworzono 2 marca 2007 utworzono 2 marca 2007 Wczoraj usunalem wirusa bo mi wpadl ale czuje ze nie wszystko usunalem. Prosze sprawdzic loga: ================================================================ "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu Sp. z oo"] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"] "NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup" [MS] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "UpdReg" = "C:WINDOWSUpdReg.EXE" ["Creative Technology Ltd."] "Jet Detection" = ""C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"" [empty string] "NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit" [MS] "AVG7_CC" = "C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] HKLMSoftwareMicrosoftActive SetupInstalled Components >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = "Internet Explorer" StubPath = "C:WINDOWSsystem32shmgrate.exe OCInstallUserConfigIE" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" InProcServer32(Default) = "C:Program FilesJavajre1.5.0_11binssv.dll" ["Sun Microsystems, Inc."] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" InProcServer32(Default) = "C:WINDOWSSystem32nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"] "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10msohev.dll" [MS] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" InProcServer32(Default) = "C:WINDOWSSystem32nvcpl.dll" ["NVIDIA Corporation"] HKLMSystemCurrentControlSetControlSecurityProviders <<!>> ("" [file not found]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll,, msnsspc.dll" HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers 7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"] AVG7 Shell Extension(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers 7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"] HKLMSoftwareClassesFoldershellexContextMenuHandlers AVG7 Shell Extension(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoToolbarCustomize" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars| Disable customizing browser toolbar buttons} "NoBandCustomize" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars| Disable customizing browser toolbars} HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "C:Documents and Settingsadmin.RZ-6YBS9G3DO52TUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "C:Documents and Settingsadmin.RZ-6YBS9G3DO52TUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32nwprovau.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000004LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:WINDOWSSystem32avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05 %SystemRoot%system32mswsock.dll [MS], 06 - 09, 12 - 30 %SystemRoot%system32rsvpsp.dll [MS], 10 - 11 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Firewall, AVGFwSrv, "C:PROGRA~1GrisoftAVG7avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."] AVG7 Alert Manager Server, Avg7Alrt, "C:PROGRA~1GrisoftAVG7avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:PROGRA~1GrisoftAVG7avgupsvc.exe" ["GRISOFT, s.r.o."] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:WINDOWSSystem32CTsvcCDA.exe" ["Creative Technology Ltd"] Machine Debug Manager, MDM, ""C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "C:WINDOWSSystem32nvsvc32.exe" ["NVIDIA Corporation"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 1234 seconds, including 7 seconds for message boxes)
Barthezz komentarz 4 marca 2007 komentarz 4 marca 2007 Nic nie znalazłem, dla pewności daj jeszcze loga z hijackthis i najlepiej daj go między żeby było estetyczniej i wygodniej
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.