Request for a log check :)

System security, virus removal, choosing antivirus software. Required logs in this section: three from FRST + Gmer.

Post by sauroon, 03 Nov 2006, 20:06

Hello, please check my log, the PC is acting up.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 18:42:10, on 2006-11-03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Michał\Pulpit\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA3F694-D5EB-4B89-BC3D-356CC489B633}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA3F694-D5EB-4B89-BC3D-356CC489B633}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Post by Aqui, 03 Nov 2006, 20:09

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
==> That one is fine.
The log is clean.
Post a Silent Runners log as well.
Clean up the registry; Start ==> Run ==> msconfig, Startup tab, and disable whatever you see fit :wink:

Post by AmAtoR, 04 Nov 2006, 00:34

Hi.
To the mods: I'm writing in another user's thread because I can't create a new post, I don't know what's going on ;/
I have NOD32 installed and every 30-40 seconds it detects an infection, even when only the Internet connection is up and no other programs are running. I'm attaching the log.
Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:11:02, on 2006-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Corel\Graphics9\Register\Remind32.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
E:\PROGRA~1\NEOSTR~1\ComComp.exe
E:\PROGRA~1\NEOSTR~1\Watch.exe
E:\Program Files\Miranda IM\miranda32.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\wsp\USTAWI~1\Temp\Rar$EX00.078\HijackThis.exe
E:\Program Files\mozilla.org\Mozilla\mozilla.exe
E:\DOCUME~1\wsp\USTAWI~1\Temp\Rar$EX18.578\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [dmgnt.exe] E:\WINDOWS\system32\dmgnt.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = E:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6838D502-D1C7-4969-BADB-8898B963AC47}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC45764-ADF6-4238-B8FF-DB98899DC08A}: NameServer = 85.255.114.108,85.255.112.143
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Maya 5  Personal Learning Edition\docs\Wrapper.exe" -s "C:\Maya 5  Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - E:\Program Files\Eset\nod32krn.exe


I scanned the system with ewido and Ad-Aware and nothing is detected; everything is up to date.

Silent Runners log:
Code:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTStartup" = "E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"WOOWATCH" = "E:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"WooCnxMon" = "E:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"UpdReg" = "E:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"SunJavaUpdateSched" = "E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SpeedTouch USB Diagnostics" = ""E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SiSUSBRG" = "E:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Omnipage" = "E:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"nod32kui" = ""E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Jet Detection" = "E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [empty string]
"dmgnt.exe" = "E:\WINDOWS\system32\dmgnt.exe" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath   = "E:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "IeCatch2 Class"
                   \InProcServer32\(Default) = "E:\PROGRA~1\FLASHGET\jccatch.dll" ["Amaze Soft"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" [file not found]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "E:\Program Files\Eset\nodshex.dll" ["Eset "]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "E:\Program Files\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "E:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "csepp.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> rpcc\DLLName = "E:\WINDOWS\system32\rpcc.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "E:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "E:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "E:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
  -> {HKLM...CLSID} = "FineReaderExplorerContextMenuHandler"
                   \InProcServer32\(Default) = "e:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "E:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKLM\Software\Classes\.scr\(Default) = "Icad.load.scr"
HKLM\Software\Classes\Icad.load.scr\shell\open\command\ = (key not found)
HKLM\Software\Classes\Icad.load.scr\ = (key not found)


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoBandCustomize" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
Disable customizing browser toolbars}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\Mozilla Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\WINDOWS\Mozilla Wallpaper.bmp"


Startup items in "wsp" & "All Users" startup folders:
-----------------------------------------------------

E:\Documents and Settings\wsp\Menu Start\Programy\Autostart
"Rejestrowanie produktów Corela" -> shortcut to: "E:\Program Files\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]
"Adobe Gamma" -> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "E:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"InterVideo WinCinema Manager" -> shortcut to: "E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
                   \InProcServer32\(Default) = "E:\PROGRA~1\FLASHGET\fgiebar.dll" ["Amaze Soft"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
  -> {HKLM...CLSID} = "WinHTTrackLauncher Class"
                   \InProcServer32\(Default) = "E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "E:\PROGRA~1\FLASHGET\flashget.exe" ["Amaze Soft"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
                   \InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


HOSTS file
----------

E:\WINDOWS\System32\drivers\etc\HOSTS

maps: 1 domain name to an IP address,
      1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "E:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Kerio Personal Firewall 4, KPF4, ""E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
NOD32 Kernel Service, NOD32krn, ""E:\Program Files\Eset\nod32krn.exe"" ["Eset "]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt08\Driver = "hpzlnt08.dll" ["HP"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 36 seconds.
---------- (total run time: 113 seconds)

When I try to run the little Windows Worms Doors Cleaner program I get the following message:
Code:
your system seems to be infected by a virus your SVCHOST virtual memory usage 27576Ko is beyond usual values.It is strongly advised to chec your system with AntiVirus up to date and antiTrojan.

What do I do about this? ;(

Post by Tom@szek, 04 Nov 2006, 01:50

You know the removal rules.

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmgnt.exe] E:\WINDOWS\system32\dmgnt.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = E:\Program Files\Corel\Graphics9\Register\Remind32.exe


Those are probably not your DNS servers :?:

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC45764-ADF6-4238-B8FF-DB98899DC08A}: NameServer = 85.255.114.108,85.255.112.143


O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
Tom@szek
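The checks applied by hand in the reply above, as an added example that is not the forum's, HijackThis's or Silent Runners' own code: it parses HijackThis O1/O4/O17/O20 lines, cross-references O4 paths against the `[file not found]` markers in the Silent Runners output, and flags NameServer values outside an expected set. The sample lines are copied from the logs in this thread; the assumption that the first adapter's servers are the ISP's resolvers and the allowlist of XP default Winlogon Notify subkeys are both mine.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O4_RE = re.compile(r'^O4 - .*: \[[^\]]*\] "?([A-Za-z]:\\[^"]+?)"?(?: /\S+|$)')
O17_RE = re.compile(r"^O17 - .*\{[0-9A-Fa-f-]+\}: NameServer = (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
SR_MISSING_RE = re.compile(r'= "([A-Za-z]:\\[^"]+)" \[file not found\]')

# Assumption: Winlogon\Notify subkeys present on a default Windows XP SP2 install.
DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                  "sclgntfy", "SensLogn", "termsrv", "wlballoon"}

# Constructed subset of the HijackThis log posted above.
SAMPLE_HJT = r"""
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [dmgnt.exe] E:\WINDOWS\system32\dmgnt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6838D502-D1C7-4969-BADB-8898B963AC47}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC45764-ADF6-4238-B8FF-DB98899DC08A}: NameServer = 85.255.114.108,85.255.112.143
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
"""

# Constructed subset of the Silent Runners output posted above.
SAMPLE_SILENT_RUNNERS = r"""
"nod32kui" = ""E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"dmgnt.exe" = "E:\WINDOWS\system32\dmgnt.exe" [file not found]
"""


def missing_files(silent_runners_text):
    """Paths that Silent Runners marked [file not found], lower-cased for comparison."""
    return {m.group(1).lower() for m in SR_MISSING_RE.finditer(silent_runners_text)}


def triage(hjt_text, expected_dns, missing=frozenset()):
    """Return a Finding for every HijackThis line that deserves a closer look.

    expected_dns: resolver addresses this machine is supposed to use.
    missing: paths reported as absent (e.g. from missing_files()).
    """
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        # O1: HijackThis prints hosts entries as "<ip> <hostname>"; anything else is odd.
        if (m := O1_RE.match(line)) and not IPV4.match(m.group(1)):
            findings.append(Finding("O1", "hosts entry is not '<ip> <hostname>'", line))
        # O4: a Run value whose target is gone is leftover persistence, safe to remove.
        elif (m := O4_RE.match(line)) and m.group(1).lower() in missing:
            findings.append(Finding("O4", "Run entry points at a file that is not present", line))
        # O17: a per-adapter NameServer override pointing away from the ISP is a hijack sign.
        elif m := O17_RE.match(line):
            servers = set(re.split(r"[ ,]+", m.group(1).strip()))
            foreign = sorted(servers - set(expected_dns))
            if foreign:
                findings.append(Finding("O17", "NameServer outside the expected set: " + ", ".join(foreign), line))
        # O20: Winlogon Notify DLLs load into winlogon.exe; anything non-default needs review.
        elif (m := O20_RE.match(line)) and m.group(1) not in DEFAULT_NOTIFY:
            findings.append(Finding("O20", "non-default Winlogon Notify DLL", line))
    return findings


def run_sample():
    # Assumption: the servers used by the first adapter are the ISP's resolvers.
    expected = {"194.204.152.34", "217.98.63.164"}
    return triage(SAMPLE_HJT, expected, missing_files(SAMPLE_SILENT_RUNNERS))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.section}: {f.reason}\n    {f.line}")
```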
 



Post by AmAtoR, 04 Nov 2006, 13:30

Log after removing the entries, but the infection problem still shows up ;/
Code:
Logfile of HijackThis v1.99.1
Scan saved at 12:06:58, on 2006-11-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\Neostrada TP\NeostradaTP.exe
E:\Program Files\Neostrada TP\ComComp.exe
E:\Program Files\Neostrada TP\Watch.exe
E:\Program Files\Miranda IM\miranda32.exe
E:\Program Files\mozilla.org\Mozilla\mozilla.exe
E:\Documents and Settings\wsp\Moje dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6838D502-D1C7-4969-BADB-8898B963AC47}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Maya 5  Personal Learning Edition\docs\Wrapper.exe" -s "C:\Maya 5  Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - E:\Program Files\Eset\nod32krn.exe



[ Added: Today at 12:09 ]
When I tried to start the little program Windows Worms Doors Cleaner, I got the following message
Code:

your system seems to be infected by a virus your SVCHOST virtual memory usage 27576Ko is beyond usual values. It is strongly advised to check your system with AntiVirus up to date and antiTrojan.

what should I do about this ;(

this is the entry from NOD32
Code:
Virus information
File: http://66.185.126.34/sp_prx1_v106_0.exe
Virus: probably unknown NewHeur_PE virus
Notes: the file contains a virus that threatens the computer

after showing such a message it copies the file to quarantine
Code:
The event occurred while the program E:\WINDOWS\system32\svchost.exe was attempting to create a new file. The file has been moved to quarantine.

Posted by Red 04 Nov 2006, 14:25

AmAtoR, it is still sitting there:

O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll



Please download KillBox:

http://wiruskill.pl/forum/viewtopic.php?t=58

Run KillBox, tick the Delete on Reboot option, then paste the path into the Full Path of File to Delete field:


E:\WINDOWS\system32\rpcc.dll
and press the X
The program will ask for a restart (of course you agree)
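What "Delete on Reboot" actually does, as an added example that is not part of the thread, of KillBox or of Windows documentation. It assumes KillBox uses the standard Windows mechanism for this, MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which queues the request in the registry value PendingFileRenameOperations; the Session Manager processes that queue early in the next boot, before winlogon.exe can load the DLL again. The helpers compose such a queue entry, decode the value's raw REG_MULTI_SZ bytes and pull it out of a `reg export` file, so the queue can be audited before and after the reboot. The sample queue is constructed, not read from the poster's machine; the installer rename in it is hypothetical.

```python
r"""Compose and audit Windows delete-on-reboot requests.

Assumption: KillBox's "Delete on Reboot" uses the standard Windows mechanism,
MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT), which appends the request
to the REG_MULTI_SZ value
  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
as (source, destination) string pairs.  The Session Manager carries them out
early in the next boot, before winlogon.exe can load the DLL again.  An empty
destination means delete; a leading '!' on the source means replace-existing.
Python's winreg stops decoding a REG_MULTI_SZ at the first empty string, which a
delete entry contains, so the value is read here from a `reg export` file.
"""

PENDING_VALUE = "PendingFileRenameOperations"
NT_PREFIX = "\\??\\"   # NT object-manager prefix MoveFileEx puts before Win32 paths


def schedule_delete(path):
    """The two strings MoveFileEx appends for a delayed delete of `path`."""
    return [NT_PREFIX + path, ""]


def schedule_move(src, dst, replace_existing=False):
    """The two strings for a delayed rename; '!' marks MOVEFILE_REPLACE_EXISTING."""
    return [("!" if replace_existing else "") + NT_PREFIX + src, NT_PREFIX + dst]


def _strip_prefix(p):
    return p[len(NT_PREFIX):] if p.startswith(NT_PREFIX) else p


def parse_pending(entries):
    """One dict per queued operation.  Run this before rebooting to confirm the
    DLL is queued, and again afterwards to confirm nothing else was queued."""
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold string pairs")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        replace = src.startswith("!")
        src = _strip_prefix(src.lstrip("!"))
        if dst == "":
            ops.append({"action": "delete", "source": src})
        else:
            ops.append({"action": "replace" if replace else "rename",
                        "source": src, "destination": _strip_prefix(dst)})
    return ops


def pending_deletes(entries):
    return [op["source"] for op in parse_pending(entries) if op["action"] == "delete"]


def to_multi_sz(entries):
    """Raw value bytes: UTF-16LE, each string NUL-terminated, then one more NUL.
    A delete's empty destination is a real empty element, which is what trips
    up generic REG_MULTI_SZ readers."""
    return "".join(s + "\0" for s in entries + [""]).encode("utf-16-le")


def from_multi_sz(raw):
    text = raw.decode("utf-16-le")
    if not text.endswith("\0"):
        raise ValueError("not a terminated REG_MULTI_SZ")
    return text[:-1].split("\0")[:-1]


def to_reg_export(entries, width=25):
    """Render the value as `reg export` does: hex(7), wrapped with a trailing backslash."""
    hexs = [f"{b:02x}" for b in to_multi_sz(entries)]
    rows = [",".join(hexs[i:i + width]) for i in range(0, len(hexs), width)]
    return f'"{PENDING_VALUE}"=hex(7):' + ",\\\n  ".join(rows)


def from_reg_export(text):
    """Find the value in a .reg file written by
    reg export "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager" sm.reg
    and return its raw bytes, or None if it is absent (nothing queued)."""
    lines = iter(text.splitlines())
    for line in lines:
        if line.startswith(f'"{PENDING_VALUE}"=hex(7):'):
            hexpart = line.split("hex(7):", 1)[1].strip()
            while hexpart.endswith("\\"):
                hexpart = hexpart[:-1] + next(lines).strip()
            return bytes(int(h, 16) for h in hexpart.split(",") if h)
    return None


# Constructed sample: a hypothetical rename an installer had already queued, plus
# the delete-on-reboot request for the DLL named in the O20 line above.
SAMPLE = (schedule_move(r"E:\WINDOWS\system32\newfile.tmp",
                        r"E:\WINDOWS\system32\newfile.dll", replace_existing=True)
          + schedule_delete(r"E:\WINDOWS\system32\rpcc.dll"))

if __name__ == "__main__":
    for op in parse_pending(from_multi_sz(from_reg_export(to_reg_export(SAMPLE)))):
        print(op)
```

The audit matters in both directions: before the reboot, confirm the DLL really is queued (a Winlogon Notify DLL is loaded by winlogon.exe, so it cannot be deleted while the system is up); after the reboot, confirm the queue is empty and nothing else was scheduled alongside it, since the same value is a convenient place for malware to stage its own file swaps.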

Posted by AmAtoR 04 Nov 2006, 14:45

done
Code:
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll (file missing)

and was this related
Code:
E:\WINDOWS\system32\svchost.exe

Posted by Red 04 Nov 2006, 14:46

Post a log for checking

here is info on this trojan:

Info

Posted by AmAtoR 04 Nov 2006, 14:54

Code:
Logfile of HijackThis v1.99.1
Scan saved at 13:19:49, on 2006-11-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Eset\nod32krn.exe
E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\NEOSTR~1\ComComp.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\PROGRA~1\NEOSTR~1\Watch.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\wsp\Moje dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6838D502-D1C7-4969-BADB-8898B963AC47}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Maya 5  Personal Learning Edition\docs\Wrapper.exe" -s "C:\Maya 5  Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - E:\Program Files\Eset\nod32krn.exe


I also searched the net and found this
Code:
http://support.microsoft.com/kb/826234/pl

and I closed the ports; for now it's quiet ;)
Thanks for the help.

Posted by Red 04 Nov 2006, 14:56

Tick this entry in HijackThis and remove it:

O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll (file missing)

Posted by sauroon 05 Nov 2006, 00:02

AmAtoR wrote: and was this related
Code:
E:\WINDOWS\system32\svchost.exe


svchost is an important system file, svcchost is a pest :)
Ouch!!! Google bit me :)

Posted by Aqui 05 Nov 2006, 00:32

sauroon wrote: svchost is an important system file

If it is in the right location :wink:
Post a Silent Runners log too
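The checks the thread applied by eye, as a script: an O20 Winlogon Notify DLL that is not one of Windows XP's own handlers (Red's rpcc entry), the orphaned "(file missing)" line left behind once the DLL is gone, a process that imitates a system binary either by name (sauroon's svchost versus svcchost) or by running from the wrong directory (Aqui's "if it is in the right location"), and the O17 name servers listed for a manual check against the ISP's published resolvers. This is an added example, not code from the thread, from HijackThis or from Silent Runners. The list of default XP SP2 Winlogon Notify handlers is an assumption about a clean install, and the sample log is constructed from the thread's log with two lines added (a svcchost.exe process and a ScCertProp entry) to exercise the checks.

```python
"""Triage a HijackThis 1.99 log for the entry types discussed in this thread.

Added example, not part of the thread or of HijackThis.  XP_WINLOGON_NOTIFY is an
assumption about the handlers a clean Windows XP SP2 registers under
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify.
"""
import re

XP_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                      "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
SYSTEM32_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                     "lsass.exe", "svchost.exe", "spoolsv.exe"}
ROOT_BINARIES = {"explorer.exe"}
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_hjt(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def system_root(processes):
    """Derive %SystemRoot% from wherever smss.exe runs; it is always in system32."""
    for p in processes:
        if p.lower().endswith(r"\system32\smss.exe"):
            return p[: -len(r"\system32\smss.exe")]
    return r"C:\WINDOWS"


def check_processes(processes):
    root = system_root(processes).lower()
    known = SYSTEM32_BINARIES | ROOT_BINARIES
    findings = []
    for p in processes:
        directory, _, name = p.rpartition("\\")
        lname, ldir = name.lower(), directory.lower()
        if lname in SYSTEM32_BINARIES and ldir != root + r"\system32":
            findings.append(("high", "process", f"{name} running from {directory}, expected {root}\\system32"))
        elif lname in ROOT_BINARIES and ldir != root:
            findings.append(("high", "process", f"{name} running from {directory}, expected {root}"))
        elif lname not in known:
            near = sorted(s for s in known if edit_distance(lname, s) <= 2)
            if near:
                findings.append(("high", "process", f"{p} mimics {', '.join(near)}"))
    return findings


def check_entries(entries):
    findings = []
    for code, body in entries:
        missing = "(file missing)" in body
        if code == "O20" and body.startswith("Winlogon Notify:"):
            name, _, path = body[len("Winlogon Notify:"):].strip().partition(" - ")
            if missing:
                findings.append(("medium", code, f"orphaned Winlogon Notify entry '{name}': delete it in HijackThis"))
            elif name.lower() not in XP_WINLOGON_NOTIFY:
                findings.append(("high", code, f"non-default Winlogon Notify DLL '{name}' at {path}"))
        elif code == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split()
            findings.append(("info", code, "verify DNS servers against the ISP: " + ", ".join(servers)))
        elif code == "O23" and missing:
            findings.append(("low", code, "service points at a missing binary: " + body.split(" - ")[0]))
    return findings


def triage(text):
    processes, entries = parse_hjt(text)
    return check_processes(processes) + check_entries(entries)


# Constructed sample: lines from the thread's log plus two added to exercise the
# checks (the svcchost.exe process and the ScCertProp handler).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\svcchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{6838D502-D1C7-4969-BADB-8898B963AC47}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: ScCertProp - E:\WINDOWS\system32\wlnotify.dll
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Maya 5  Personal Learning Edition\docs\Wrapper.exe (file missing)
"""

if __name__ == "__main__":
    for severity, code, msg in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:7} {msg}")
```

The look-alike check only fires for names that are not themselves system binaries, otherwise csrss.exe would be reported as a misspelling of smss.exe; the location check derives the system root from the log itself, which matters here because the poster's Windows lives on E:, not C:.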

Posted by sauroon 05 Nov 2006, 11:09

Silent Runners:

Code:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"mouseElf" = "C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [" "]
"NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"GhostStartTrayApp" = "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                                       \StubPath   = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]