Witam serdecznie - proszę o pomoc w następującej sprawie…
od jakiegos czasu pojawiają mi się komunikaty “USŁUGA POSŁANIEC” informujące o wystepowaniu krytycznych bledów systemu Windows i odsyłających do różnych stron internetowych (np reproscan.net , fixreg.com )…straszą przy okazji, że zaniedbanie może prowadzić do “dramatic system failure”
wrzucam scan z HiJack:
Logfile of HijackThis v1.99.1 Scan saved at 20:24:47, on 2007-02-07 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\spoolsv.exe I:\WINDOWS\Explorer.EXE I:\Program Files\Eset\nod32kui.exe I:\WINDOWS\System32\ctfmon.exe I:\Program Files\Eset\nod32krn.exe I:\Program Files\Internet Explorer\IEXPLORE.EXE K:\Program Files\Gadu-Gadu\gg.exe K:\Program Files\Winamp\winampa.exe K:\Program Files\Winamp\winamp.exe K:\Program Files\bezpieczeństwo\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [nod32kui] “I:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WinampAgent] K:\Program Files\Winamp\winampa.exe O4 - HKCU…\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “I:\Program Files\Messenger\msmsgs.exe” /background O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - I:\Program Files\Eset\nod32krn.exe
oraz SilentRunners
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “I:\WINDOWS\System32\ctfmon.exe” [MS] “MSMSGS” = ““I:\Program Files\Messenger\msmsgs.exe” /background” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “nod32kui” = ““I:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] “WinampAgent” = “K:\Program Files\Winamp\winampa.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “I:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “I:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “I:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “I:\Program Files\Eset\nodshex.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “I:\Program Files\Eset\nodshex.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “I:\Program Files\Eset\nodshex.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “I:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “I:\Documents and Settings\a\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “I:\WINDOWS\System32\logon.scr” [MS] Startup items in “a” & “All Users” startup folders: --------------------------------------------------- I:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “I:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: I:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 20 %SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 12 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NOD32 Kernel Service, NOD32krn, ““I:\Program Files\Eset\nod32krn.exe”” ["Eset "] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 6 seconds. ---------- (total run time: 63 seconds)
będę bardzo wdzięczna za pomoc…
pozdrawiam
adam9870
(adam9870)
7 Luty 2007 19:44
#2
Logi są czyste.
Start => Uruchom => wpisz services.msc => zatrzymaj i wyłącz usługę Posłaniec.
Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.
Dodatkowo proponuję zainstalować dodatek Service Pack 2. Poprawia on bezpieczeństwo w systemie etc.