Do czego służy program ADS? (procesem odpowiedzialnym jest ADS.exe z katalogu “C:\Windows”) Ten programik startuje wraz z systemem od niedawna (chyba po zainstalowaniu programu GoD (p2p) ale ten GoD wcale nie jest aktywny) Pomoże mi ktoś? :shock:
adam9870
(adam9870)
16 Grudzień 2006 10:19
#2
Ostatnio zastanawia mnie właśnie ten plik. Eksperci na Forum SE mówią go usuwać.
Proponuję przeskanować go na stronie:
http://virusscan.jotti.org/
a jeśli okaże się syfem to ściągasz program KillBox , zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:
C:\WINDOWS\ADS.exe
kliknij czerwonego iksa i zgódź się na restart.
Potem proszę wkleić na Forum logi - HijackThis i SilentRunners (do tego tematu)
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
Bieniol
(Bbieniol)
16 Grudzień 2006 10:38
#4
Zrób tak, jak napisał Adam i usuń ten plik Po usunięciu wklej logi, o które prosił
rixx
(Edlib)
16 Grudzień 2006 10:58
#5
zauważyłem, że problem ads.exe pojawia się coraz częściej- jest
kilka programów, których plik wykonawczy nazywa się własnie
tak; jest też na nieszczęście znany trojan o dokładnie tej samej nazwie
trojan jest mały(150-180kb) i lokuje się najczęściej w system32
(łatwiej się tam ukryć - dużo więcej plików);bezpieczne pliki są dużo
większe(najmniejszy znany mi - 780kb) i umieszczone z reguły w
Windows - są to najczęściej programy do obsługi baz danych;jeśli ktoś nie ma pojęcia, skąd to się wzięło na dysku i plik nie przekracza 200kb
najlepiej natychmiast usunąć
Ja swój usunąłem (po internetowym skanie, którego wyniki podałem)
adam9870
(adam9870)
16 Grudzień 2006 11:09
#7
Proszę wkleić do tego tematu nowe logi.
adam9870
(adam9870)
16 Grudzień 2006 11:29
#9
Użyj szczepionki przeciwko jeefo: http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html
Start => uruchom => wpisz cmd i kliknij ok => wpisz:
W killboxie tym razem wklej ścieżkę:
C:\WINDOWS\svchost.exe
Usuń w hjt.
Po wykonaniu proszę wkleić nowe logi.
Szczepionką od Jeefo (tą samą) skanowałem już kilka razy, za każdym bez wyników. Nie wiem dlaczego każdy, kto sprawdza moje logi poleca ten skan…
HJT
Logfile of HijackThis v1.99.1 Scan saved at 13:26:40, on 2006-12-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Avast!\aswUpdSv.exe D:\Avast!\ashServ.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\Explorer.EXE D:\Avast!\ashMaiSv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE D:\Avast!\ashDisp.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe D:\Avast!\ashWebSv.exe D:\Spybot- Search n’ destroy\TeaTimer.exe D:\Gadu 7.6\gg.exe D:\Spamihilator\spamihilator.exe D:\WinRAR\WinRAR.exe D:\Proccess viewer\PrcView.exe C:\WINDOWS\system32\wuauclt.exe D:\Opera\Opera.exe C:\Documents and Settings\Patryk\Pulpit\HijackThis.exe D:\EDGE Dialer\Edge.exe D:\Avast!\setup\avast.setup R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\DAP\dapiebar.dll O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s O4 - HKLM…\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM…\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [avast!] D:\Avast!\ashDisp.exe O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Spybot- Search n’ destroy\TeaTimer.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\Gadu 7.6\gg.exe” /tray O4 - HKCU…\Run: [spamihilator] “D:\Spamihilator\spamihilator.exe” O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{A8CDA970-C832-4911-9D5F-EC6DD8B10103}: NameServer = 194.9.223.79 217.17.34.10 O18 - Protocol: bw+0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {B3B2E126-B627-4798-B4EF-FDCABB127FDC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast!\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\Avast!\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast!\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast!\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
SR
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “LDM” = “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [“Logitech”] “SpybotSD TeaTimer” = “D:\Spybot- Search n’ destroy\TeaTimer.exe” [“Safer Networking Limited”] “Gadu-Gadu” = ““D:\Gadu 7.6\gg.exe” /tray” [“Gadu-Gadu S.A.”] “Spamihilator” = ““D:\Spamihilator\spamihilator.exe”” [“Michel Krämer”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “FaxCenterServer” = ““C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s” [null data] “(Default)” = “(empty string)” [file not found] “zBrowser Launcher” = “C:\Program Files\Logitech\iTouch\iTouch.exe” ["Logitech Inc. "] “EM_EXEC” = “C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE” ["Logitech Inc. "] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “avast!” = “D:\Avast!\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Avast!\ashShell.dll” [“ALWIL Software”] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “D:\7-zip\7-zip.dll” [“Igor Pavlov”] “{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}” = “All To MP3 Converter” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\All to mp3\MP3ShellExt.dll” [empty string] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL” [“Google”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “D:\Acrobat Reader 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “D:\7-zip\7-zip.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Avast!\ashShell.dll” [“ALWIL Software”] DAP_Menu(Default) = “{BED4C38B-F765-45AC-8C56-613F76BBF43E}” -> {HKLM…CLSID} = “DAPMenuShellExt Class” \InProcServer32(Default) = “D:\DAP\PRIVAC~1\DAPCTX~1.DLL” [“Speedbit Ltd.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] ZMP3ShellExt(Default) = “{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\All to mp3\MP3ShellExt.dll” [empty string] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “D:\7-zip\7-zip.dll” [“Igor Pavlov”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] ZMP3ShellExt(Default) = “{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\All to mp3\MP3ShellExt.dll” [empty string] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Avast!\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Patryk” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{62999427-33FC-4BAF-9C9C-BCE6BD127F08}” = “DAP Bar” -> {HKLM…CLSID} = “DAP Bar” \InProcServer32(Default) = “D:\DAP\dapiebar.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] {B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““D:\Avast!\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““D:\Avast!\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““D:\Avast!\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““D:\Avast!\ashWebSv.exe” /service” [“ALWIL Software”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [“Sony DADC Austria AG.”] SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\ “UpperFilters” = <> “Lkbdflt2” [“Logitech”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 102 seconds. ---------- (total run time: 157 seconds)
Joan
(Joan Sunshine)
16 Grudzień 2006 12:53
#11
Dlatego, że wpis wskazuje na wirusa jeefo, a szczepionka jest po to, żeby go wykosić
Czysto.
Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.
Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.
Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie.