Komunikaty z ZoneAlarm o plikach i mulenie komputera


(Dzanet523) #1

Od kilku dni ZoneAlarm zaraz po polaczeniu z internetem pokazuje komunikaty o plikach probujacych polaczyc sie z siecia (te dwa pliki nagminnie C:\WINDOWS\Temp\wblb1.exe, C:\WINDOWS\System32:wfecb.exe), na co ja odpowiadam "Deny"... Mam oprocz tego Avast home edition i skanowalam system ewido, ale nic mi nie wykrylo.. Oczywiscie muli mi komputer ...

Proszę bardzo bardzo o sprawdzenie loga z hijackthis i silentrunners...

Logfile of HijackThis v1.99.1

Scan saved at 16:44:28, on 8/30/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\Temp\wblb1.exe

C:\WINDOWS\System32:wfecb.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\WScript.exe

C:\Documents and Settings\Administrator\Pulpit\wirusy\hijackthis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [wblb1.exe] C:\WINDOWS\Temp\wblb1.exe

O4 - HKLM\..\Run: [wfecb.exe] C:\WINDOWS\System32:wfecb.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [wfecb.exe] C:\WINDOWS\System32:wfecb.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Eventi COM avanzati (ecomoplus) - Unknown owner - C:\WINDOWS\Downlo~1\wmrep9s\0fyvu4.exe (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [file not found]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"wfecb.exe" = "C:\WINDOWS\System32:wfecb.exe" [**WMI GetObject error**]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"IMJPMIG8.1" = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" [MS]

"MSPY2002" = "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]

"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]

"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]

"wblb1.exe" = "C:\WINDOWS\Temp\wblb1.exe" [null data]

"wfecb.exe" = "C:\WINDOWS\System32:wfecb.exe" [**WMI GetObject error**]

"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Google Toolbar Helper"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyswietlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyswietlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"

  -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "load" = "C:\YDPDict\watch.exe" [null data]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"

  -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]

"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]



Enabled Scheduled Tasks:

------------------------


"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

"{1CE43C3B-C5CB-4259-93A1-6B0DAED454E8}_MICROSOF-4U405E_Administrator" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{1CE43C3B-C5CB-4259-93A1-6B0DAED454E8}_MICROSOF-4U405E_Administrator"" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"

  -> {HKLM...CLSID} = "My &Search Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL" [file not found]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

  -> {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [file not found]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

  -> {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [file not found]

"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"

  -> {HKLM...CLSID} = "My &Search Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL" [file not found]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

  -> {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [file not found]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]


Explorer Bars


HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{A3B90661-AF20-175C-931B-3914F4AA9EF0}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "JavaScript console"

                   \InProcServer32\(Default) = "C:\WINDOWS\inbcx1.dll" [file not found]


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}\(Default) = "My Search Bar Quick View"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Ricerche"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Ricerche"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

PPPoE Service, PPPoEService, "C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe" [null data]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

PrimoMon\Driver = "Primomonnt.dll" [file not found]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 575 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 208 seconds.

---------- (total run time: 1673 seconds)

(Gutek) #2

Zastosuj się do tego Tematu i zmień tytuł na konkretny

Pozdrawiam Gutek2222

użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa. W trybie awaryjnym usuń folder i pliki, wpisy HJT

Użyj RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177 albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

bo masz:


(Dzanet523) #3

Witam!

Dziekuje Gutek za "pouczenie" i przepraszam za brak dyscypliny (zazwyczaj czytam sobie na poczatku regulamin forum, a dalej to juz intuicyjnie leci... niestety).

Wracajac do mojego problemu, zastosowalam sie do wskazowek, ale np. pliku C:\WINDOWS\System32:wfecb.exe w ogole nie znalazlam, nawet przeszukujac ukryte.. Ubilam te procesy w HJT, ale ZoneAlarm dalej mnie informuje przy wlaczeniu kompa ze plik ten "is trying to access internet". Oprocz tego jakis inny, ktory chce "sledzic moje poczynania na komputerze etc", odpowiadam zawsze "deny". Wszystkie ptaszki w WWDC mam zielone...

Najgorsze jest, ze mam ZoneAlarm (ta wersje wczesniejsza ktora nie ma problemow z odpalaniem sie przy starcie systemu) i Avast i mimo wszystko te beznadziejne trojany itp sobie wija gniazdka na moim kompie, do tego stopnia, ze komputer co jakies 15 minut "zasypia sobie" na jakies 5 minut.. okropne! Aha, avast czasem wykrywa wirusa, ale jak klikam "wywal na dobre" to otrzymuje odpowiedz, ze niemozliwy dostep do pliku.

No i co - walka czy jednak format? :slight_smile:

Pozdrawiam


(Bbieniol) #4

Oczywiście, że walka :slight_smile:

Wrzuć nowy log z Hijacka + nowy log z Silenta :slight_smile:

Widzę, że masz EWIDO, więc przeskanuj nim dysk :slight_smile:

Dodatkowo przeskanuj komputer programami Ad-aware SE Personal 1.06 oraz Spybot Search & Destroy 1.4


(Dzanet523) #5

Zatem walczę.. :slight_smile:

Jesli chodzi o ewido, to był on do tej pory moja ostatnia deską ratunku. Jak mi avast wykrywał jakiś wirus, z którym sam sobie nie radził, ewido nie tylko go znajdywał, ale i ze wszystkim sobie radził. Teraz nawet ewido mnie zawodzi..Wykrywa tylko jakies pliczki typu TrackingCookie.xxx, ktore ocenia na medium risk.

Kolejne dane do diagnozy są następujące:

  1. Przeskanowałam kompa tym Ad-aware i wykrył ze 20 critical objects, które wywaliłam do kwarantanny.

  2. Niestety Spybot Search & Destroy 1.4 nie chce mi się zainstalować, tzn. wyskakuje błąd, jak na załączonym obrazku:

http://www.fotosik.pl/pokaz_obrazek/797 ... 4581f.html

  1. ZoneAlarm pokazuje mi komunikat nastepujący:

http://www.fotosik.pl/pokaz_obrazek/8f0 ... 47cad.html

  1. Ponadto, już od dłuższego czasu (jakos tak odkad zainstalowalam sobie ZoneAlarm) przy otwieraniu niektórych stron (np. hotmail) wyskakuje mi blad (tez na obrazku), po czym zamyka mi wszystkie okna explorera.

Do tej pory jakos to ignorowalam i włączałam sobie Mozille, ale to chyba nie powinno tak być..

http://www.fotosik.pl/pokaz_obrazek/69f ... b6488.html

  1. Obecny log z SilentRunners:

    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/

    Operating System: Windows XP

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

    -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

    {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

    -> {HKLM...CLSID} = "Google Toolbar Helper"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyswietlania"

    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyswietlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

    -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

    "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"

    -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

    -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

    INFECTION WARNING! "load" = "C:\YDPDict\watch.exe" [null data]

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes*\shellex\ContextMenuHandlers\

    avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

    -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

    WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Yahoo! Mail(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"

    -> {HKLM...CLSID} = "YMailShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

    -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

    WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Active Desktop and Wallpaper:


    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

    Enabled Scheduled Tasks:


    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    "{1CE43C3B-C5CB-4259-93A1-6B0DAED454E8}MICROSOF-4U405EAdministrator" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{1CE43C3B-C5CB-4259-93A1-6B0DAED454E8}MICROSOF-4U405EAdministrator"" [MS]

    Winsock2 Service Provider DLLs:


    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:


    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

    "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"

    -> {HKLM...CLSID} = "My &Search Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL" [file not found]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

    -> {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [file not found]

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

    -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

    -> {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [file not found]

    "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"

    -> {HKLM...CLSID} = "My &Search Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL" [file not found]

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

    -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

    -> {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [file not found]

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

    -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

    {A3B90661-AF20-175C-931B-3914F4AA9EF0}(Default) = (no title provided)

    -> {HKLM...CLSID} = "JavaScript console"

                   \InProcServer32\(Default) = "C:\WINDOWS\inbcx1.dll" [file not found]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = "My Search Bar Quick View"

    Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Ricerche"

    Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    "MenuText" = "Sun Java Console"

    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Ricerche"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    "ButtonText" = "Messenger"

    "MenuText" = "Windows Messenger"

    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]

    Running Services (Display Name, Service Name, Path {Service DLL}):


    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

    PPPoE Service, PPPoEService, "C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe" [null data]

    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    Print Monitors:


    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

    PrimoMon\Driver = "Primomonnt.dll" [file not found]


    • This report excludes default entries except where indicated.

    • To see everywhere the script checks and everything it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    • The search for DESKTOP.INI DLL launch points on all local fixed drives

    took 1341 seconds.

    • The search for all Registry CLSIDs containing dormant Explorer Bars

    took 338 seconds.

    ---------- (total run time: 3031 seconds)

  2. Obecny log z HJT:

    Logfile of HijackThis v1.99.1

    Scan saved at 14:56:09, on 8/31/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\ntvdm.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\notepad.exe

    C:\Documents and Settings\Administrator\Pulpit\wirusy\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza

    F3 - REG:win.ini: load=C:\YDPDict\watch.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll (file missing)

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

    O17 - HKLM\System\CCS\Services\Tcpip..{C881E750-6F77-4BF8-B26B-D5E07FDC725C}: NameServer = 85.37.17.5 85.38.28.77

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Eventi COM avanzati (ecomoplus) - Unknown owner - C:\WINDOWS\Downlo~1\wmrep9s\0fyvu4.exe (file missing)

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Nie wiem juz co robic, komputer zaczyna coraz bardziej mulić :frowning:


(Bbieniol) #6

Jak na moje oko, to logi są już czyste :slight_smile:

Widze kilka pustych wpisów w rejestrze, dlatego przeczyść rejestr (polecam do tego jv16 PowerTools 1.3.0.195)

Dodatkowo zrób defragmentację, oraz przejrzyj: Optymalizacja XP

Wejdź: Start --> uruchom --> msconfig i w zakładce uruchamianie odznacz (według Ciebie) niepotrzbne przy autostarcie programy :slight_smile:


(Dzanet523) #7

Ok, dzieki za pomoc i użyteczne linki !

Pozdrawiam