spybot - search & destroy i windows security center

[PyToN]

Od pewnego czasu w programie SpyBot - Search & Destroy wyswietla mi dziwny problem.

Dziwny wpis w rejestrze, nie wiem czy wykasowac czy tez lepiej nie tykac.
Mozecie mi opisac co to wlasciwie jest i czy moge z czystym sumieniem wykasowac "to cos"



Ps. Kaspersky oraz ad-aware nic nie wykrył. Mam Win XP + SP2.

[Tom@szek]

Kasuj śmiało:

Rootkit "Windows Security Center"

Ale zapodaj log-a z hijackthis.

[PyToN]

Porsze log i sorki ze tak pozno, niestety internet radiowy dziala jak sam chce...

Logfile of HijackThis v1.99.1
Scan saved at 16:23:28, on 2006-10-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Programy\Kaspersky Internet Security 6.0.30 PL\avp.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
F:\Programy\java\bin\jusched.exe
F:\Programy\cFos\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programy\Clock Tray Skins\ClockTraySkins.exe
F:\Programy\Kaspersky Internet Security 6.0.30 PL\avp.exe
F:\Programy\cFos\spd.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\System32\svchost.exe
F:\Programy\eMule\emule.exe
F:\Programy\Winamp\winamp.exe
F:\Programy\Mozilla Firefox\firefox.exe
F:\Programy\hitack logi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:\WINDOWS\system32\localsplnet.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programy\java\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programy\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [kis] "F:\Programy\Kaspersky Internet Security 6.0.30 PL\avp.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programy\java\bin\jusched.exe
O4 - HKLM\..\Run: [cFosSpeed] F:\Programy\cFos\cFosSpeed.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] F:\Programy\Clock Tray Skins\ClockTraySkins.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - F:\Programy\Kaspersky Internet Security 6.0.30 PL\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programy\java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programy\java\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Programy\Kaspersky Internet Security 6.0.30 PL\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O20 - AppInit_DLLs: F:\Programy\KASPER~1.30P\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - F:\Programy\Kaspersky Internet Security 6.0.30 PL\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - F:\Programy\cFos\spd.exe" -service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Programy\Nero 7 Ultra Edition\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

[Tom@szek]

Usuń te wpisy- a

Kasuj śmiało:

Rootkit "Windows Security Center"

R3 - Default URLSearchHook is missing
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:\WINDOWS\system32\localsplnet.dll (file missing)

Autor postu otrzymał pochwałę

[PyToN]

Tom@szek dziekuje bardzo za szybką odpowiedź, temat mozna zamknąć.

[Red]

Pyton666 proponuje koniecznie zastosowac:

http://downloads.subratam.org/Fixwareout.exe
i wklej zawartosc na forum

Autor postu otrzymał pochwałę

[PyToN]

Red zastosowałem sie do twoich instrukcji.

i wklej zawartosc na forum

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

[Red]

Dobra,nic nie zostało.Jest czysto.