x-kom hosting

prosze sprawdzic...

Ville
utworzono
utworzono

Wczoraj usunalem wirusa bo mi wpadl ale czuje ze nie wszystko usunalem. Prosze sprawdzic loga:

================================================================

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup" [MS]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:WINDOWSUpdReg.EXE" ["Creative Technology Ltd."]

"Jet Detection" = ""C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"" [empty string]

"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit" [MS]

"AVG7_CC" = "C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

HKLMSoftwareMicrosoftActive SetupInstalled Components

>{26923b43-4d38-484f-9b9e-de460746276c}(Default) = "Internet Explorer"

StubPath = "C:WINDOWSsystem32shmgrate.exe OCInstallUserConfigIE" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

InProcServer32(Default) = "C:Program FilesJavajre1.5.0_11binssv.dll" ["Sun Microsystems, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

InProcServer32(Default) = "C:WINDOWSSystem32nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

InProcServer32(Default) = "C:WINDOWSSystem32nvshell.dll" ["NVIDIA Corporation"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10msohev.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

InProcServer32(Default) = "C:WINDOWSSystem32nvcpl.dll" ["NVIDIA Corporation"]

HKLMSystemCurrentControlSetControlSecurityProviders

<<!>> ("" [file not found]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll,, msnsspc.dll"

HKLMSoftwareClassesFoldershellexColumnHandlers

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]

AVG7 Shell Extension(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

7-Zip(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

InProcServer32(Default) = "C:Program Files7-Zip7-zip.dll" ["Igor Pavlov"]

HKLMSoftwareClassesFoldershellexContextMenuHandlers

AVG7 Shell Extension(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

InProcServer32(Default) = "C:Program FilesGrisoftAVG7avgse.dll" ["GRISOFT, s.r.o."]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"NoToolbarCustomize" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|

Disable customizing browser toolbar buttons}

"NoBandCustomize" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|

Disable customizing browser toolbars}

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "C:Documents and Settingsadmin.RZ-6YBS9G3DO52TUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "C:Documents and Settingsadmin.RZ-6YBS9G3DO52TUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E

tries {++}

000000000001LibraryPath = "%SystemRoot%System32nwprovau.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000004LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En

ries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:WINDOWSSystem32avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05

%SystemRoot%system32mswsock.dll [MS], 06 - 09, 12 - 30

%SystemRoot%system32rsvpsp.dll [MS], 10 - 11

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

AVG Firewall, AVGFwSrv, "C:PROGRA~1GrisoftAVG7avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "C:PROGRA~1GrisoftAVG7avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:PROGRA~1GrisoftAVG7avgupsvc.exe" ["GRISOFT, s.r.o."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:WINDOWSSystem32CTsvcCDA.exe" ["Creative Technology Ltd"]

Machine Debug Manager, MDM, ""C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:WINDOWSSystem32nvsvc32.exe" ["NVIDIA Corporation"]

----------

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 1234 seconds, including 7 seconds for message boxes)

Barthezz
komentarz
komentarz

Nic nie znalazłem, dla pewności daj jeszcze loga z hijackthis i najlepiej daj go między



żeby było estetyczniej i wygodniej

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.