zitz
(Zitz)
20 October 2006 10:55
#1
Hello!
Until recently everything was working fine for me, but a few days ago F-Secure detected an exploit, and I think it did not remove it completely, because now I have this problem: when I go to maxior, where there are funny videos, I get no sound playback at all, whereas before it was fine (I'll add that I can play music, the sound works).
I even tried uninstalling the sound drivers and installing them again, same problem, so I'm asking for help and posting the logs below.
Thanks and regards!
Logfile of HijackThis v1.99.1
Scan saved at 12:22:17, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\PowerS.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\F-Secure\Common\FSM32.EXE
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure\Common\FSMA32.EXE
D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\F-Secure\Common\FSMB32.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
D:\Program Files\F-Secure\Common\FCH32.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
D:\Program Files\F-Secure\Common\FAMEH32.EXE
D:\Program Files\F-Secure\Anti-Virus\fsrw.exe
D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
D:\Program Files\F-Secure\Common\FNRB32.EXE
D:\Program Files\F-Secure\Common\FIH32.EXE
D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
D:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
D:\Program Files\F-Secure\FSGUI\fsguidll.exe
D:\Program Files\FlashGet\flashget.exe
D:\Program Files\Engelmann Media\5star Game Copy\5star Game Copy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
F:\Najpotrzebniejsze programy 2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wp.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 212.227.76.23 reports.x-wars.pl # uni 1
O1 - Hosts: 212.227.76.23 forum.x-wars.pl
O1 - Hosts: 212.227.76.27 reports.uni2.xwars.pl # uni 2, ale działa sporadycznie
O1 - Hosts: 87.106.3.182 reports.uni3.xwars.pl # uni 3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM…\Run: [PowerS] D:\WINDOWS\PowerS.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM…\Run: [F-Secure TNB] "D:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM…\Run: [smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = D:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Scheduler.lnk = D:\Program Files\Prolink\PlayTV\TVSCHL.EXE
O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 0561767109
O20 - AppInit_DLLs: ??
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UBO - Unknown owner - D:\DOCUME~1\Emo\USTAWI~1\Temp\UBO.exe (file missing)
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PowerS" = "D:\WINDOWS\PowerS.exe" ["prolink"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"F-Secure Manager" = ""D:\Program Files\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""D:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"Smapp" = "D:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = "AcroIEHlprObj Class"
     \InProcServer32(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = (no title provided)
  -> {HKLM…CLSID} = "IeCatch5 Class"
     \InProcServer32(Default) = "D:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
  -> {HKLM…CLSID} = "SSVHelper Class"
     \InProcServer32(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided)
  -> {HKLM…CLSID} = "gFlash Class"
     \InProcServer32(Default) = "D:\PROGRA~1\FlashGet\getflash.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM…CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM…CLSID} = "DesktopContext Class"
     \InProcServer32(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM…CLSID} = "Desktop Explorer"
     \InProcServer32(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM…CLSID} = "nView Desktop Context Menu"
     \InProcServer32(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM…CLSID} = "Shell Search Band"
     \InProcServer32(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM…CLSID} = "AlcoholShellEx"
     \InProcServer32(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM…CLSID} = "NVIDIA CPL Extension"
     \InProcServer32(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
  -> {HKLM…CLSID} = "GMail Drive"
     \InProcServer32(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
  -> {HKLM…CLSID} = "GMailFS Property Sheet"
     \InProcServer32(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
  -> {HKLM…CLSID} = "GMailFS Drop Handler"
     \InProcServer32(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
  -> {HKLM…CLSID} = "GMailFS Context Menu"
     \InProcServer32(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e SsiEfr.e" [file not found], [MS], [file not found], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
  -> {HKLM…CLSID} = "PDF Shell Extension"
     \InProcServer32(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Emo\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "Emo" & "All Users" startup folders:
-----------------------------------------------------

D:\Documents and Settings\Emo\Menu Start\Programy\Autostart
"Xfire" -> shortcut to: "D:\Program Files\Xfire\Xfire.exe" ["Xfire Inc."]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"F-Secure Automatic Update" -> shortcut to: "D:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -startup" ["F-Secure Automatic Update"]
"Scheduler" -> shortcut to: "D:\Program Files\Prolink\PlayTV\TVSCHL.EXE" ["TelSignal Co., Ltd."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 20, 43
%SystemRoot%\system32\mswsock.dll [MS], 21 - 23, 26 - 42, 44
%SystemRoot%\system32\rsvpsp.dll [MS], 24 - 25

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM…CLSID} = "FlashGet Bar"
     \InProcServer32(Default) = "D:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
  -> {HKLM…CLSID} = "Java Plug-in 1.5.0_09"
     \InProcServer32(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{300DB664-75B5-47C0-8B45-A44ACCF73C00}\
"ButtonText" = "IE Shield"
"MenuText" = "IE Shield…"
"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"
  -> {HKLM…CLSID} = "F-Secure IE Shield COM button"
     \InProcServer32(Default) = "D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll" ["F-Secure Corporation"]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com "]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]

HOSTS file
----------

D:\WINDOWS\System32\drivers\etc\HOSTS
maps: 5 domain names to IP addresses,
4 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
F-Secure Automatic Update, BackWeb Plug-in - 7681197, "D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" ["F-Secure Automatic Update"]
F-Secure Management Agent, FSMA, ""D:\Program Files\F-Secure\Common\FSMA32.EXE"" ["F-Secure Corporation"]
F-Secure Network Request Broker, F-Secure Network Request Broker, ""D:\Program Files\F-Secure\Common\FNRB32.EXE"" ["F-Secure Corporation"]
fsbwsys, fsbwsys, ""D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe"" ["F-Secure Corp."]
FSGKHS, F-Secure Gatekeeper Handler Starter, ""D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 6 seconds for message boxes)
Gutek
(Gutek)
20 October 2006 14:12
#2
Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
File >>> Save as >>> change the file type from TXT to All files >>> save it under the name FIX.REG >>> double-click the file you created and confirm >>> restart the computer

O1 - Hosts: 212.227.76.23 reports.x-wars.pl # uni 1
O1 - Hosts: 212.227.76.23 forum.x-wars.pl
O1 - Hosts: 212.227.76.27 reports.uni2.xwars.pl # uni 2, ale działa sporadycznie
O1 - Hosts: 87.106.3.182 reports.uni3.xwars.pl # uni 3
O20 - AppInit_DLLs: ??
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

remove these entries with HJT

Follow this Topic and change the thread title to something specific, otherwise it goes to the TRASH
Regards, Gutek2222
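
An added example, not part of the original posts: it decodes the `hex(7)` (REG_MULTI_SZ) data in the FIX.REG above to show what `BootExecute` is reset to, and lists any strings beyond the Windows default `autocheck autochk *`. The function names are hypothetical, and the "infected" sample is constructed; how the extra `SsiEfr.e` entries were split into strings on the original machine is an assumption, since the log only shows the flattened value.

```python
import re

# Windows' default BootExecute value: one string inside the multi-string.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# The BootExecute part of the fix posted in the thread, copied from the page.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''


def encode_hex7(strings):
    """Encode strings as .reg hex(7) data: UTF-16LE, NUL after each string,
    plus one extra NUL closing the list."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)


def parse_hex7(reg_text, value_name):
    """Return the list of strings stored in a hex(7) value of a .reg file."""
    # A trailing backslash continues the byte list on the next line.
    joined = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)
    pattern = r'^"%s"=hex\(7\):([0-9a-fA-F,]*)' % re.escape(value_name)
    match = re.search(pattern, joined, re.MULTILINE)
    if match is None:
        raise ValueError("no hex(7) value named %r" % value_name)
    raw = bytes(int(b, 16) for b in match.group(1).split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count, not valid UTF-16LE")
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def unexpected_boot_entries(reg_text):
    """Strings in BootExecute that are not part of the Windows default."""
    entries = parse_hex7(reg_text, "BootExecute")
    return [s for s in entries if s not in DEFAULT_BOOT_EXECUTE]


# Constructed sample of a modified value, modelled on the Silent Runners line
# "autocheck autochk * SsiEfr.e SsiEfr.e"; the string split is an assumption.
INFECTED_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager]\n"
    '"BootExecute"=hex(7):'
    + encode_hex7(["autocheck autochk *", "SsiEfr.e", "SsiEfr.e"])
    + "\n"
)

if __name__ == "__main__":
    print("fix sets BootExecute to:", parse_hex7(FIX_REG, "BootExecute"))
    print("extra entries after fix:", unexpected_boot_entries(FIX_REG))
    print("extra entries in sample:", unexpected_boot_entries(INFECTED_REG))
```

Decoding a `hex(7)` value before importing a .reg file is a quick way to confirm that a fix only restores the default and adds nothing of its own.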