Please check my log


(Tomh2o) #1

LOG

====================================

Note: When you paste a log, wrap it in a CODE or QUOTE tag.

I suggest reading THIS topic and seeing what is asked of users who paste logs.

Did you see this notice: Important notice regarding topic titles? Follow it => otherwise the topic will go to the trash :evil:

Regards, kuz5


(Bbieniol) #2

Did you see this notice: Important notice regarding topic titles? Follow it.

As far as I can see, the log is clean :slight_smile:

Install a newer version of Internet Explorer.

What's the problem?


(Tomh2o) #3

Sorry, I won't use [please check my log] again. But I posted the log because some scanners detect that I have spyware, only the free ones don't remove it. My suspicions started with reading mail: when I try to open a message, I hear a sound [pum] and the message doesn't open. I scanned with Panda: 21 spyware items, then with adwards: 13 spyware items. Something is wrong. I think I've described exactly what's ailing me. Is there a cure for this? Thanks for your understanding.


(Bbieniol) #4

Also post a log from Silent Runners.


(Tomh2o) #5

log

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows Me (Millennium Edition)

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"LanLite" = "lanlite.exe" [","]

"Taskbar Display Controls" = "RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY" [MS]

"Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["sms-express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Windows Millennium Edition Intro Video" = "C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta" [file not found]

"SelfHostUtil" = "C:\WINDOWS\selfhost.exe /L" [MS]

"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]

"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]

"SystemTray" = "SysTray.Exe" [MS]

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}

"HiberMonitor" = "C:\WINDOWS\HCount.exe" [null data]

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"SchedulingAgent" = "mstask.exe" [MS]

"SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS]

"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\

PerUser_CVT_Inis(Default) = "Instalator systemu Windows — Konwerter FAT32"

\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]

{44BBA840-CC51-11CF-AAFA-00AA00B6015C}(Default) = "Microsoft Outlook Express 5"

\StubPath = ""C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /uninstall" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = "Yahoo! Toolbar Helper" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL" ["Yahoo! Inc."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = "SSVHelper Class" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\SYSTEM\UPNPUI.DLL" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Moje dokumenty\Moje obrazy\1024_wall_4.jpg"

WIN.INI & SYSTEM.INI launch points:


WIN.INI

[windows]

INFECTION WARNING! "load=ptsnoop.exe" [null data]

INFECTION WARNING! "run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched" [null data], [null data]

Enabled Scheduled Tasks:


"XoftSpy" -> launches: "C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -t" ["ParetoLogic Inc."]

"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]

"Harmonogram programu PCHealth dla zbierania danych" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1

C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4

C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL" ["Yahoo! Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL" ["Yahoo! Inc."]

Miscellaneous IE Hijack Points


HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!

Added lines (compared with English-language version):

Missing lines (compared with English-language version):

lines


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 45 seconds, including 6 seconds for message boxes)


(Monczkin) #6

tomh2o, you were asked to follow certain rules - please fix your posts and correct the errors - on this forum we use Polish spelling.


(Gblade) #7

The rest of the log is OK.


(Bbieniol) #8

It looks like everything is fine now... :slight_smile:

Also scan the disk with: Ad-aware SE Personal 1.06 and Spybot Search & Destroy 1.4