Bakas
(Bartek Smolen)
7 June 2006 15:41
#1
Here is my log:
Logfile of HijackThis v1.99.1 Scan saved at 17:25:38, on 2006-03-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\program files\softwin\bitdefender9\bdswitch.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\program files\softwin\bitdefender9\bdnagent.exe C:\Program Files\KMaestro\KMaestro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe C:\Program Files\Hamachi\hamachi.exe C:\WINDOWS\system32\RaConfig.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe F:\Gadu-Gadu\gg.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe c:\program files\softwin\bitdefender9\bdmcon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\BitComet\BitComet.exe C:\Documents and Settings\Bartek\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://onet.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [bDSwitchAgent] “c:\program files\softwin\bitdefender9\bdswitch.exe” O4 - HKLM…\Run: [bDOESRV] “C:\Program Files\Softwin\BitDefender9\bdoesrv.exe” O4 - HKLM…\Run: [bDNewsAgent] “c:\program files\softwin\bitdefender9\bdnagent.exe” O4 - HKLM…\Run: [bDMCon] “C:\Program Files\Softwin\BitDefender9\bdmcon.exe” O4 - HKLM…\Run: [btcMaestro] C:\Program Files\KMaestro\KMaestro.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [TuneUp MemOptimizer] “C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe” autostart O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y’z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program 
Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O15 - Trusted Zone: http://bezpieczenstwo.onet.pl O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8280687117 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{444AC584-B716-4C48-9616-DFBDC4F30748}: NameServer = 194.204.152.34,194.204.159.1 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir 
PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
If there is anything dangerous, please help.
Bieniol
(Bbieniol)
7 June 2006 15:45
#2
As a cosmetic cleanup, remove this entry:
Additionally, you can remove the FlashGet leftovers:
Is there any problem?
PS: As far as I can see, you have two antivirus programs. Uninstall one of them, because they will conflict with each other.
Bakas
(Bartek Smolen)
7 June 2006 15:55
#3
How am I supposed to remove the first one: O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)? How do I do that? I don't even know which folder it is in! Help.
And something off topic: what virus is it that makes the desktop refuse to load (everything is OK up to the point of entering the password and loading the desktop)? The icons simply do not load, and I have already had the computer formatted within the past month!!! I really need help!
Do you know which virus this is?
Bieniol
(Bbieniol)
7 June 2006 16:06
#4
Start HijackThis --> Do a system scan only, and check this entry:
Then click “fix checked” at the bottom.
But what exactly is your problem?
There are various viruses of this kind :roll:
Bakas
(Bartek Smolen)
7 June 2006 16:48
#5
It's about this virus that screws up everything on my computer (the desktop does not load), because I don't want to pay 50 zł every month.
What is this virus called, and will BitDefender 9 Internet Security remove (detect) it?
Bieniol
(Bbieniol)
7 June 2006 17:00
#6
The HijackThis log is clean, so there is no sign that your computer is cluttered with junk :roll:
Post a Silent Runners log as well.
I repeat once again that different viruses behave differently, and it is not easy to tell from the behaviour which virus it is.
Bakas
(Bartek Smolen)
7 June 2006 17:54
#7
Bieniol, I am doing what you told me with that log, and I still have those logs from FlashGet and that 02.
Bieniol
(Bbieniol)
7 June 2006 17:56
#8
Do you by any chance have FlashGet installed? Because if you do, don't remove those entries.
Removal is simple:
I repeat my request:
Bakas
(Bartek Smolen)
7 June 2006 18:06
#9
Here you go, the log from Silent Runners:
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “TuneUp MemOptimizer” = ““C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe” autostart” [“TuneUp Software GmbH”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “PWRISOVM.EXE” = “C:\Program Files\PowerISO\PWRISOVM.EXE” [“PowerISO Computing, Inc.”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “BDSwitchAgent” = ““c:\program files\softwin\bitdefender9\bdswitch.exe”” [null data] “BDOESRV” = ““C:\Program Files\Softwin\BitDefender9\bdoesrv.exe”” [“SOFTWIN SRL”] “BDNewsAgent” = ““c:\program files\softwin\bitdefender9\bdnagent.exe”” [“SOFTWIN S.R.L”] “BDMCon” = ““C:\Program Files\Softwin\BitDefender9\bdmcon.exe”” [“SOFTWIN S.R.L.”] “BtcMaestro” = “C:\Program Files\KMaestro\KMaestro.exe” [“BTC”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\jccatch.dll” [“Amaze Soft”] {C333CF63-767F-4831-94AC-E683D962C63C}(Default) = “TGTSoft Explorer Toolbar Changer” -> {HKLM…CLSID} = “CoTGT_BHO Class” \InProcServer32(Default) = “C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = 
“Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{57C51AF9-DEF7-11D3-A801-00C04F163490}” = “Ghost Shell Extension” -> {HKLM…CLSID} = “PropPage Class” \InProcServer32(Default) = “C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll” [“Symantec Corporation”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{7A4097B2-6022-4670-995F-DA363EBF947F}” = “Custom shell context menu extension” -> {HKLM…CLSID} = “Custom shell context menu extension” \InProcServer32(Default) = “C:\WINDOWS\system32\shctxex.dll” [empty string] “{19F500E0-9964-11cf-B63D-08002B317C03}” = “Desktop Icon Layout” -> {HKLM…CLSID} = “Desktop Icon 
Layout” \InProcServer32(Default) = “Layout.dll” [file not found] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}” = “TuneUp Shredder Shell Context Menu Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Context Menu Extension” \InProcServer32(Default) = ““C:\Program Files\TuneUp Utilities 2004\sdshelex.dll”” [“TuneUp Software GmbH”] “{ABC70703-32AF-11d4-90C4-D483A70F4825}” = “CMenuExtender” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “AppInit_DLLs” = “sockspy.dll” [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! “BootExecute” = “autocheck autochk * SsiEfr.e” [file not found], [MS], [file not found], [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] INFECTION WARNING! WRNotifier\DLLName = “WRLogonNTF.dll” [“Webroot Software, Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! 
text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Custom shell context menu extension(Default) = “{7A4097B2-6022-4670-995F-DA363EBF947F}” -> {HKLM…CLSID} = “Custom shell context menu extension” \InProcServer32(Default) = “C:\WINDOWS\system32\shctxex.dll” [empty string] FileEncrypt(Default) = “{90A07ACC-0331-4aee-9AAD-A854A9C37667}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Advanced System Optimizer\ShellExt.dll” [“Systweak Inc”] Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender(Default) = “{ABC70703-32AF-11d4-90C4-D483A70F4825}” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] Custom shell context menu extension(Default) = “{7A4097B2-6022-4670-995F-DA363EBF947F}” -> {HKLM…CLSID} = “Custom shell context menu extension” \InProcServer32(Default) = “C:\WINDOWS\system32\shctxex.dll” [empty string] FileEncrypt(Default) = “{90A07ACC-0331-4aee-9AAD-A854A9C37667}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Advanced System Optimizer\ShellExt.dll” [“Systweak Inc”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ IconLayout(Default) = “{19F500E0-9964-11cf-B63D-08002B317C03}” -> {HKLM…CLSID} = “Desktop Icon Layout” \InProcServer32(Default) = “Layout.dll” [file not found] Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Bartek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Bartek” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart “Stardock ObjectDock” -> shortcut to: “C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe” [“Stardock”] “Y’z ToolBar” -> shortcut to: “C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe” [“Y’z@Home”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “hamachi” -> shortcut to: “C:\Program Files\Hamachi\hamachi.exe” [“Applied Networking”] “RaConfig” -> shortcut to: “C:\WINDOWS\system32\RaConfig.exe” [“Ralink Technology, Corp.”] Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ Missing lines (compared with English-language version): HIJACK WARNING! 
“TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Service, AntiVirService, “C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir Scheduler, AntiVirScheduler, “C:\Program Files\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] BitDefender Communicator, XCOMM, ““C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe” /service” [“Softwin”] BitDefender Desktop Update Service, LIVESRV, ““C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe” /service” [“SOFTWIN S.R.L.”] BitDefender Scan Server, bdss, ““C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe” /service” [null data] BitDefender Virus Shield, VSSERV, ““C:\Program Files\Softwin\BitDefender9\vsserv.exe” /service” [“SOFTWIN S.R.L.”] BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data] GhostStartService, GhostStartService, “C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe” [“Symantec Corporation”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string] Webroot Spy Sweeper Engine, svcWRSSSDK, “C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe” [“Webroot Software, Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\ “UpperFilters” = INFECTION WARNING! 
“KeyMaestro” [file not found] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 42 seconds, including 18 seconds for message boxes)
kuz5
(Kuz5)
7 June 2006 18:38
#10
Note: when you paste a log, wrap it in a CODE or QUOTE tag.
I suggest reading THIS topic and seeing what is asked of users who paste logs.
Have you seen this notice, "Important notice regarding topic titles"? Follow it => otherwise the topic will go to the trash :evil:
The log is clean.
What makes you so sure that malware is causing this problem at all? The logs say otherwise, namely that the computer is not infected.
Second thing: you people install these Windows skins that change its appearance, and then you are surprised that the icons are missing, etc.
Do any messages pop up?
Check the errors in Event Viewer.
And are the icons there in Safe Mode?
Run online scanners over the system.
Bakas
(Bartek Smolen)
7 June 2006 19:19
#11
Thanks to all of you for the help, you are really great!
Cheers