Cmdservice: how to remove it

I had a problem with VX2, and I probably got cmdservice in the same bundle along with it :slight_smile: Spybot detects it but cannot remove it. I tried to find it through services.msc, but it is not there.

Spybot entries:

Command Service: Settings (Registry key, nothing done)

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService


Command Service: Settings (Registry key, nothing done)

  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService


Command Service: Settings (Registry key, nothing done)

  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService

Run HijackThis:

Open misc tools section -> Delete a NT service --> type cmdService

Check once more whether the Command Service service is there.

Paste the HijackThis and Silent Runners logs.

Unfortunately it can't be done, I get a message that cmdService is enabled or running.

I checked and did not find any Command Service service. I can't provide the Silent Runners logs because it won't start for me :frowning: I have a problem with the VBS script; I installed it, but still nothing.

HijackThis logs:

Logfile of HijackThis v1.99.1

Scan saved at 5:23:58 PM, on 5/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Everest Labs\Spydefense\sdc.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows NT\whypertrm.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\andrzej\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SpyDefense] C:\Program Files\Everest Labs\Spydefense\sdc.exe /service

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Nothing bad is visible in the log :roll:

Cosmetically, remove these entries:

As for Silent Runners, see:

Removing cmd, three ways:

Paste into Windows Notepad:

In Notepad, at the top >>> File >>> Save as >>> change the file type from TXT to All files *.* >>> save under the name FIX.REG

Double-click the resulting fix file and add it to the registry…

Removal, version 2:

Download:

http://users.telenet.be/marcvn/tools/delcmdservice.zip

Save it to the desktop, double-click the delcmdservice folder, then double-click delreg.bat, wait for the action to complete and restart the computer.

Removal, version 3:

Download:

http://downloads.subratam.org/Lon/ren-cmdservice.zip

Open the ren-cmdservice folder and double-click ren-cmdservice.bat. Restart the computer.

And it helped :slight_smile: After scanning, cmd no longer pops up, thanks a lot.

But I still have something like this, a log from Ad-Aware; Spybot is perfectly clean.

Log:

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Adware.Director Object Recognized!

    Type : Regkey

    Data : 

    TAC Rating : 3

    Category : Adware

    Comment : 

    Rootkey : HKEY_USERS

    Object : S-1-5-21-1708537768-2111687655-839522115-1003\software\director


 Adware.Director Object Recognized!

    Type : RegValue

    Data : 

    TAC Rating : 3

    Category : Adware

    Comment : 

    Rootkey : HKEY_USERS

    Object : S-1-5-21-1708537768-2111687655-839522115-1003\software\director

    Value : Request


Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 2



Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2



Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2




Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2



Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 2





Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2


7:08:30 PM Scan Complete


Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:29:38.750

Objects scanned:185329

Objects identified:2

Objects ignored:0

New critical objects:2

Unfortunately nothing has changed, the same error still pops up :frowning: I found this error in the help on the silentrunners site, but that didn't help either 1.jpg

:frowning:

I don't know when I'll be here, but the scan result from this thing will be needed :mrgreen: :mrgreen:

http://www.europe.f-secure.com/exclude/ … blbeta.exe

A rootkit has paid you a visit; generally it can be taken down, but I need the result…

Well, you've saddened me :frowning: and I was already hoping I had dealt with everything. I ran the scan but it showed nothing, no hidden folders, absolutely nothing. I also ran a scan with Rootkitreveal:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed	5/10/2006 9:43 PM	4 bytes	Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful	5/10/2006 9:43 PM	4 bytes	Data mismatch between Windows API and raw hive data.

C:\Documents and Settings\andrzej\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD	5/10/2006 10:05 PM	558 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD	5/10/2006 10:05 PM	146 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Cookies\andrzej@m.webtrends[1].txt	5/10/2006 10:04 PM	181 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Cookies\andrzej@microsoft[1].txt	5/10/2006 10:04 PM	266 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Gadu-Gadu\_cache\_tbgjfca.htm	5/10/2006 7:21 PM	1.14 KB	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Gadu-Gadu\_cache\_thiefba.htm	5/10/2006 7:21 PM	4.34 KB	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Gadu-Gadu\_cache\_tiggfaa.htm	5/10/2006 7:21 PM	636 bytes	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Gadu-Gadu\_cache\_tjeccda.htm	5/10/2006 7:21 PM	838 bytes	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Local Settings\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\Cache\0213C949d01	5/10/2006 10:02 PM	53.52 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\Cache\2323A159d01	5/10/2006 9:57 PM	37.10 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\Cache\4743B364d01	5/10/2006 10:12 PM	29.79 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\Cache\4BB25697d01	5/10/2006 10:12 PM	26.18 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\Cache\7153C260d01	5/10/2006 10:12 PM	22.18 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\Cache\99BB59EDd01	5/10/2006 9:57 PM	24.31 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temp\Rar$EX00.390\Eula.txt	2/11/2006 9:22 AM	1.92 KB	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Local Settings\Temp\Rar$EX00.390\RootkitRevealer.chm	12/7/2005 2:19 PM	99.77 KB	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\0000001186_000000000000000301842[2].swf	5/10/2006 10:03 PM	23.63 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\66C86C3188FE01870578750E01822[1].jpg	5/10/2006 10:03 PM	2.16 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\AC74213EC54D45D74D21B94FB5A82[1].jpg	5/10/2006 10:03 PM	2.70 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\arrowLTR[1].gif	5/10/2006 10:04 PM	821 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\expand[1].jpg	5/10/2006 10:03 PM	64 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\hr-end[1].gif	5/10/2006 10:03 PM	283 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\main[2].css	5/10/2006 10:03 PM	15.62 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\pgtop-right[1].gif	5/10/2006 10:03 PM	2.30 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\pgtop-right[2].gif	5/10/2006 10:04 PM	2.30 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\s_code[3].js	5/10/2006 10:03 PM	18.62 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\238LSBM7\wt[1].js	5/10/2006 10:03 PM	12.26 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\1376[1].gif	5/10/2006 10:03 PM	85 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\5793CB468D3C0FEC1CAE5EAE246F[1].jpg	5/10/2006 10:03 PM	14.37 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\BrowserAlternative[1].htm	5/10/2006 10:04 PM	15.91 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\bullet[1].gif	5/10/2006 10:03 PM	49 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\CommonFunctions[1].js	5/10/2006 10:04 PM	11.14 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\F8AE6B1DC35767BFE3958341D05A[1].jpg	5/10/2006 10:03 PM	13.78 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\fade[1].gif	5/10/2006 10:03 PM	1022 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\ms_masthead_ltr[1].gif	5/10/2006 10:03 PM	947 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\ms_masthead_ltr[2].gif	5/10/2006 10:04 PM	947 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\nonGenuine[1].htm	5/10/2006 10:03 PM	54.16 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\s_code[1].js	5/10/2006 10:04 PM	18.62 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\SiteRecruit_PageConfiguration_2943mt30-2944mt1[1].js	5/10/2006 10:03 PM	12.30 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\su[1].js	5/10/2006 10:03 PM	5.47 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\ATYHODEN\themes[1].js	5/10/2006 4:42 PM	2.97 KB	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\92D5A5F7E4FFFDD04F69881D9A1E97[1].jpg	5/10/2006 10:03 PM	7.82 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\ad_120x90_WGA_th[1].gif	5/10/2006 10:04 PM	4.66 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\arrowLTR[1].gif	5/10/2006 10:03 PM	821 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\broker[1].js	5/10/2006 10:03 PM	40.81 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\defender[1].gif	5/10/2006 10:03 PM	1005 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\divider-end[1].gif	5/10/2006 10:03 PM	275 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\F4A6CCC772A74841A87DB34A12346A[1].jpg	5/10/2006 10:03 PM	1.83 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\keyactivation[1].jpg	5/10/2006 10:03 PM	2.23 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\menujs[1].xml&clicktrax=False	5/10/2006 10:04 PM	103 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\pgtop-left[1].gif	5/10/2006 10:04 PM	2.66 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\pgtop-right[1].gif	5/10/2006 10:03 PM	2.30 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\ql[1].js	5/10/2006 10:03 PM	5.91 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\MPG5C7I3\validate[1].htm	5/10/2006 10:04 PM	7.20 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\ad_120x90_PYPC_th[1].gif	5/10/2006 10:04 PM	2.54 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\CA8PIVKD.HTM	5/10/2006 10:03 PM	1.15 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\CATGC3X1.HTM	5/10/2006 5:18 PM	906 bytes	Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\clear[1].gif	5/10/2006 10:03 PM	43 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\css[1].css	5/10/2006 10:04 PM	2.48 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\IE7[1].gif	5/10/2006 10:03 PM	923 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\legitcheck[1].hta	5/10/2006 10:04 PM	4.16 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\pgtop-left[1].gif	5/10/2006 10:03 PM	2.66 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\pgtop-left[2].gif	5/10/2006 10:03 PM	2.66 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\ql[1].css	5/10/2006 10:03 PM	1.46 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\ql[1].gif	5/10/2006 10:03 PM	51 bytes	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\styles[1].css	5/10/2006 10:04 PM	18.25 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\themes[1].js	5/10/2006 10:03 PM	2.55 KB	Hidden from Windows API.

C:\Documents and Settings\andrzej\Local Settings\Temporary Internet Files\Content.IE5\Y1O7YZGX\WinGenuine[1].css	5/10/2006 10:03 PM	3.43 KB	Hidden from Windows API.

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060510.019\vscanmsx.dat	5/10/2006 9:50 PM	2.02 KB	Hidden from Windows API.

C:\RECYCLER\S-1-5-21-1708537768-2111687655-839522115-1003\Dc25.bmp	5/10/2006 7:54 PM	243.69 KB	Visible in directory index, but not Windows API or MFT.

C:\RECYCLER\S-1-5-21-1708537768-2111687655-839522115-1003\Dc26.vbs	5/10/2006 5:59 PM	289.24 KB	Visible in directory index, but not Windows API or MFT.
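A triage pass over RootkitRevealer output like the listing above, added here as an example (not part of the original thread): it groups rows by discrepancy type and separates rows under cache, temp, cookie and recycle-bin paths, which change while a scan runs, from rows that deserve a manual look. The path lists, the runnable-extension set and the sample rows are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    when: str
    size: str
    kind: str


# RootkitRevealer description text -> short label.
KINDS = {
    "Hidden from Windows API.": "hidden_from_api",
    "Visible in Windows API, but not in MFT or directory index.": "api_only",
    "Visible in directory index, but not Windows API or MFT.": "index_only",
    "Data mismatch between Windows API and raw hive data.": "registry_mismatch",
}

# Assumption: locations that are rewritten constantly on a live system, so a
# difference between the API view and the raw view is expected there.
VOLATILE = (
    "\\temporary internet files\\", "\\cookies\\", "\\local settings\\temp\\",
    "\\cache\\", "\\_cache\\", "\\cryptneturlcache\\", "\\recycler\\",
    "\\currentversion\\prefetcher\\", "\\virusdefs\\",
)

# Assumption: file types Windows will execute or interpret directly.
RUNNABLE = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".hta"}


def parse(text):
    """Read tab-separated rows: path, timestamp, size, description."""
    findings = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) != 4 or not cols[0]:
            continue  # blank lines and anything that is not a 4-column row
        path, when, size, desc = cols
        findings.append(Finding(path, when, size, KINDS.get(desc, "other")))
    return findings


def priority(finding):
    """'review' = look at it by hand first; 'churn' = expected live-system noise."""
    path = finding.path.lower()
    if ntpath.splitext(path)[1] in RUNNABLE:
        return "review"  # runnable content is reviewed wherever it sits
    if any(marker in path for marker in VOLATILE):
        return "churn"
    return "review"      # discrepancy outside the volatile locations


def triage(text):
    findings = parse(text)
    return {
        "by_kind": Counter(f.kind for f in findings),
        "review": [f.path for f in findings if priority(f) == "review"],
        "churn": sum(1 for f in findings if priority(f) == "churn"),
    }


# Constructed sample rows modelled on the listing above; user name, cache
# folder name, SID and the last row are placeholders, not values from a scan.
_ROWS = [
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed",
     "5/10/2006 9:43 PM", "4 bytes",
     "Data mismatch between Windows API and raw hive data."),
    (r"C:\Documents and Settings\U\Cookies\U@example[1].txt",
     "5/10/2006 10:04 PM", "266 bytes", "Hidden from Windows API."),
    (r"C:\Documents and Settings\U\Local Settings\Temporary Internet Files"
     r"\Content.IE5\AAAA0000\main[1].css",
     "5/10/2006 10:03 PM", "15.62 KB", "Hidden from Windows API."),
    (r"C:\Documents and Settings\U\Local Settings\Temporary Internet Files"
     r"\Content.IE5\AAAA0000\legitcheck[1].hta",
     "5/10/2006 10:04 PM", "4.16 KB", "Hidden from Windows API."),
    (r"C:\Documents and Settings\U\Gadu-Gadu\_cache\_example.htm",
     "5/10/2006 7:21 PM", "1.14 KB",
     "Visible in Windows API, but not in MFT or directory index."),
    (r"C:\RECYCLER\S-1-5-21-0-0-0-1003\Dc26.vbs",
     "5/10/2006 5:59 PM", "289.24 KB",
     "Visible in directory index, but not Windows API or MFT."),
    (r"C:\WINDOWS\system32\drivers\example_hidden.sys",
     "5/10/2006 9:00 PM", "12.00 KB", "Hidden from Windows API."),
]
SAMPLE = "constructed sample, not a real scan\n\n" + "\n".join(
    "\t".join(row) for row in _ROWS
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind, count in result["by_kind"].most_common():
        print(f"{count:3d}  {kind}")
    print(f"expected churn rows: {result['churn']}")
    for path in result["review"]:
        print("REVIEW:", path)
```

The "churn" bucket is an ordering for review, not a verdict on those rows.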

As for SilentRunners, do the following:

1. Start => Run and type or paste:

regsvr32 %SystemRoot%\system32\scrrun.dll

2. If the above method doesn't help, download Windows Script 5.6 and install it.

The first method didn't help, and as for the second, it's a funny story: I download this script and try to install it, but after the first Continue it throws me to a page in Thai, probably based on my IP :slight_smile: And I don't understand any of it.

First of all you have to clean the junk out of the system.

Download CCleaner 1.29.295, click Cleaner and then Run Cleaner.

When you've done that, go to the HOSTS file => C:\WINDOWS\system32\drivers\etc , open the Hosts file and delete everything except 127.0.0.1 localhost, if there are any entries.

Also check with CWShredder 2.19.

Then download and install => Windows Script 5.6, then restart and run SilentRunners.

Many thanks, Robinho :slight_smile: I finally got Silentrunner running. I scanned with Spybot and it showed nothing, but Ad-aware still shows some junk :frowning:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

"WinUpdate.exe" = "C:\Program Files\Windows\WinUpdate.exe" [file not found]


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"SpyDefense" = "C:\Program Files\Everest Labs\Spydefense\sdc.exe /service" ["Everest Labs"]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ACTray" = "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" ["Lenovo"]

"ACWLIcon" = "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" ["Lenovo"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"OWS Setup CmdLine" = ""C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"" [MS]

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

  -> {HKLM...CLSID} = "Display Panning CPL Extension"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"

  -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"

  -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Active Desktop web content:


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"FriendlyName" = ""

"Source" = ""

"SubscribedURL" = ""



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Scan my computer - andrzej" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ac Profile Manager Service, AcPrfMgrSvc, "C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe" [null data]

Access Connections Main Service, AcSvc, "C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe" ["Lenovo"]

ACU Configuration Service, ACS, "C:\WINDOWS\system32\acs.exe" [null data]

Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"" ["Executive Software International, Inc."]

EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

IBM PM Service, IBMPMSVC, "C:\WINDOWS\system32\ibmpmsvc.exe" [null data]

Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]

RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]

Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]

Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 32 seconds, including 5 seconds for message boxes)

Open Notepad and paste this into it:

File --> Save As --> change the file type to All Files --> save it under the name FIX.REG

In Safe Mode, run the FIX.REG file, confirm adding it to the registry, and restart the computer :slight_smile:

To finish up, scan with:

:arrow: http://www.ewido.net/en/

Thanks a lot for the help! It looks like everything is OK.

Just to be sure, here are the logs from ewido, mostly cookies; I hope everything will be OK this time :slight_smile:

__________________________________________________

ewido security suite online scanner

	http://www.ewido.net

__________________________________________________



Name: TrackingCookie.Tradedoubler

Path: :mozilla.15:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.16:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.25:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.26:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Liveperson

Path: :mozilla.28:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Liveperson

Path: :mozilla.29:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Liveperson

Path: :mozilla.30:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Liveperson

Path: :mozilla.31:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Tribalfusion

Path: :mozilla.34:C:\Documents and Settings\andrzej\Application Data\Mozilla\Firefox\Profiles\c0h2mypu.default\cookies.txt

Risk: Medium


Name: Adware.Agent

Path: C:\Program Files\Symantec\SYMEVENT.exe

Risk: Medium

:slight_smile:

Most of these are cookies. You can delete them.

You can post a new Silent Runners log.

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"SpyDefense" = "C:\Program Files\Everest Labs\Spydefense\sdc.exe /service" ["Everest Labs"]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ACTray" = "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" ["Lenovo"]

"ACWLIcon" = "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" ["Lenovo"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"OWS Setup CmdLine" = ""C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"" [MS]

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

  -> {HKLM...CLSID} = "Display Panning CPL Extension"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"

  -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"

  -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Active Desktop web content:


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"FriendlyName" = ""

"Source" = ""

"SubscribedURL" = ""



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Scan my computer - andrzej" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ac Profile Manager Service, AcPrfMgrSvc, "C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe" [null data]

Access Connections Main Service, AcSvc, "C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe" ["Lenovo"]

ACU Configuration Service, ACS, "C:\WINDOWS\system32\acs.exe" [null data]

Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"" ["Executive Software International, Inc."]

EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

IBM PM Service, IBMPMSVC, "C:\WINDOWS\system32\ibmpmsvc.exe" [null data]

Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]

RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]

Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]

Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 21 seconds, including 5 seconds for message boxes)

Looks OK to me :wink:

Open Notepad and paste this into it:

File --> Save As --> change the file type to All Files --> save it under the name FIX.REG

In Safe Mode, run the FIX.REG file, confirm adding it to the registry, and restart the computer :slight_smile: