Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
po skanowaniu potrzebuje porady !!!! • programosy.pl
Aktualizacje na programosy.pl: Mixmax FreeChromiumKaspersky Rescue DiskVimTelegram Desktop PortableTelegram DesktopGeoGebra PortableGeoGebraSmartFTP  

  • Ogłoszenie:

po skanowaniu potrzebuje porady !!!!

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.
Wyślij odpowiedź

po skanowaniu potrzebuje porady !!!!

Postprzez zyga435 25 Paź 2005, 20:40

reklama
Zeskanowałem sobie kompa skanerem z strony http://scan.sygatetech.com/

I wynik był następujący
Trojan 80 OPEN Executor, RingZero
Trojan 113 OPEN Kazimas

Co mam zrobić czy to są trojany obecne w moim kompie mam antywirus jak sie one przedostały jak je zwalczyć ?? lub czym.
Dodaje hijacka
Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 20:47:27, on 2005-10-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVirenKit\AVKService.exe
D:\Program Files\AntiVirenKit\AVKWCtl.exe
D:\Program Files\Gizmo Project\mDNSResponder.exe
D:\WINDOWS\System32\cisvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Beniamin\tguard.exe
D:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Azureus\Azureus.exe
D:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\22M WLAN Adapter\WLANMON.exe
c:\Program Files\Winamp\Winamp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\VVSN\VVSN.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - <default> - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\Sound32.exe,D:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tguard] D:\Program Files\Beniamin\tguard.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "D:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [VVSN] D:\Program Files\VVSN\VVSN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVKBar] "D:\Program Files\AntiVirenKit\AVKBar.exe"
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_16.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123509008461
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127492750686
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_9.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7373D6A0-07F4-4175-96B2-9A46A782A7AA}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - D:\Program Files\AntiVirenKit\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - D:\Program Files\AntiVirenKit\AVKWCtl.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Ostatnio edytowany przez zyga435, 25 Paź 2005, 20:52, edytowano w sumie 1 raz
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez jeff 25 Paź 2005, 20:44

wrzuć na wszelki wypadek loga z Hijacka....

a do walki polecam:

CWShredder 2.15
jeff
 


Góra

Postprzez zyga435 25 Paź 2005, 21:18

wkleiłem i co dalej mam te trojany czy nie ??
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez Red 25 Paź 2005, 21:36

no to zyga zacznij od usuniecia tego badziewia:
R3 - URLSearchHook: (no name) - <default> - (no file)
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [VVSN] D:\Program Files\VVSN\VVSN.exe

wylacz przywracanie systemu i w trybie awaryjnym f8 usuwasz to co podalem powyzej
to co pogrubione leci recznie tzn:
D:\Program Files\VVSN\VVSN.exe
reszte usuniesz za pomocą hijacka naciskając fix
wynik był następujący
Trojan 80 OPEN Executor, RingZero
Trojan 113 OPEN Kazimas

prosze o screny z tego co pokazał sygatetech


dodatkowo przelec system progsem lodorusa:
http://www.searchengines.pl/phpbb203/index.php?s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
napisz jak sie ma sytuacja i screny ,screny :D :D

ps
dodatkowo zrob jeszcze taki bajerek:
Panel sterowania>> Java Plug-in>>> Cache >> klikasz>>> Clear>>ok
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez zyga435 25 Paź 2005, 22:22

Image

edit Tom@szek- poprawiłem link

Link do obrazka bo coś nie widac go.


Zrobiłem to co w opisie i nadal mam to samo :/

A tutaj jeszcze raz z hijacka po usunięciu.
Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 22:01:42, on 2005-10-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Mam już pewnoś wykryte przez skaner to są trojany lecz jak je teraz usunąć ??

Prosze o pomoc.
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Beniamin\tguard.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\22M WLAN Adapter\WLANMON.exe
D:\Program Files\Gizmo Project\mDNSResponder.exe
D:\WINDOWS\System32\cisvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=D:\WINDOWS\Sound32.exe,D:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tguard] D:\Program Files\Beniamin\tguard.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_16.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123509008461
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127492750686
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_9.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7373D6A0-07F4-4175-96B2-9A46A782A7AA}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez Red 26 Paź 2005, 13:12

popraw screny ,nic nie widac
do usuniecia pozostaje jeszcze:
F2 - REG:system.ini: UserInit=D:\WINDOWS\Sound32.exe,D:\WINDOWS\system32\userinit.exe,

to co pogrubilem to plik trojana>>> WORM_AGOBOT.GG
wszystko robisz w trybie awaryjnym :
start >>uruchom>>>regedit i smigasz sciezką:
KEY_LOCAL_MACHINE\Software\Microsoft\Windows
CurrentVersion\Run
i sprawdzasz czy nie siedzi po prawej stronie wpis:
Sound services = "SOUND32.EXE”
jesli bedzie usuwasz
i raz jeszcze przeskanuj system antywirem

ps
kurcze a gdzie ty masz wpisy 010 od beniamina .W pierwszym logu były a teraz ich niema :roll:
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez zyga435 26 Paź 2005, 15:58

screen jest na Image

usunełem to co napisałes ale nadal to samo przeskanowałem kasperskym z najnowszą bazą danych i nadal to samo i powyżej podanymi programami do zwalczania trojanów. Co mam kurde zrobić aby sie tego pozbyć ??

Tutaj zamieszczam najnowszy log po usunięciu i skanowaniu.
Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 15:55:39, on 2005-10-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Beniamin\tguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\22M WLAN Adapter\WLANMON.exe
D:\Program Files\Gizmo Project\mDNSResponder.exe
D:\WINDOWS\System32\cisvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\Administrator\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tguard] D:\Program Files\Beniamin\tguard.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\bnmndrv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123509008461
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127492750686
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_9.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7373D6A0-07F4-4175-96B2-9A46A782A7AA}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez Red 26 Paź 2005, 16:12

log z hijacka nie bedzie nam juz potrzebny ,w tym momencie jest juz za słaby
nic nie pokazuje i jest czysty
prosze o wstawienie loga z programu:
Ściągnij ten program na dysk i odpal

http://www.silentrunners.org/Silent%20Runners.zip

Pojawi się okienko i klikasz na "Nie ", dzięki czemu otrzymamy pełen log. Poczekaj chwile aż pojawi się info że log już gotowy i wklej zawartość txt na forum


screny są nadal potrzebne
:D :D
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez zyga435 26 Paź 2005, 16:34

Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"tguard" = "D:\Program Files\Beniamin\tguard.exe" ["AKKORP"]
"KAVPersonal50" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
  -> {CLSID}\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile ContextMenuHandler"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile PropertySheetHandler"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll" ["Kaspersky Lab"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {CLSID}\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {CLSID}\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\Europa.scr" ["Microsoft"]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"22M WLAN Adapter" -> shortcut to: "D:\Program Files\22M WLAN Adapter\WLANMON.exe" [" "]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SYSTEMROOT%\system32\bnmndrv.dll [null data], 01 - 13, 27
%SystemRoot%\system32\mswsock.dll [MS], 14 - 16, 19 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 17 - 18


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://D|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bonjour Service, Bonjour Service, "D:\Program Files\Gizmo Project\mDNSResponder.exe" ["Apple Computer, Inc."]
kavsvc, kavsvc, ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ""D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"" ["TuneUp Software GmbH"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 223 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 78 seconds.
---------- (total run time: 396 seconds)
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez Red 26 Paź 2005, 16:40

zyga435 napisalem ci :
Poczekaj chwile aż pojawi się info że log już gotowy


a ten twoj jest urwany :) troszke cierpliwosci :)
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez zyga435 26 Paź 2005, 16:48

już go zamieniłem na właściwy :-)
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez Red 26 Paź 2005, 16:51

zyga435 napisał(a):już go zamieniłem na właściwy


dobrze i w nim rowniez nic nie ma .zyga435
zaczynam troszke watpic w infekcje twojego kompa .I teraz tak :
albo dasz mi screny o ktore cie prosze od dawna i sie przekonamy co to jest
albo zwyczajnie ten program od sygate wali scieme ze niby cos masz :)
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez zyga435 26 Paź 2005, 17:11

Image
Tu jest screen.

edit Tom@szek

jak wstawiasz link do obrazka z innego serwera zacznij od Image
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra

Postprzez Red 26 Paź 2005, 18:23

zyga435 dzieki tomaszkowi mamy problem z głowy -poprawił widocznosc :) :)
masz informacje( z tego scanera) o otwartych portach ,ktore mogą byc potencjalną sciezką dla wirusow jednak nie muszą .I nic ale to zupelnie nic wiecej :) :)
Troszke nam to zajeło czasu ale przynajmniej kompa masz totalnie sprawdzonego i przetestowanego na obecnosc smieci.
Konczac napisze ze jest czysto i nie musisz sie obawiac.Olewasz info z tego scanerka :) :)

ps
zainstalujesz sobie dobrego firewalla ,pozamykasz porty progsem wwdc i nie bedziesz miał informacji o tego rodzaju ciekawostkach .

Autor postu otrzymał pochwałę
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez zyga435 26 Paź 2005, 18:29

Spoko dziękas za pomoc i fatygę za to dałem ci plusa :-)
zyga435
~user
 
Posty: 33
Dołączenie: 12 Wrz 2005, 20:14


Góra
Wyślij odpowiedź

Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 9 gości

Powered by phpBB © Group
Forum Programosy.pl