System cannot find ibm00001.exe, computer runs slowly


(Lusesitka) #1

Every time I turn the computer on, a message appears saying that the system cannot find ibm00001.exe. On top of that, the computer has been running slower for some time, and web pages take quite a long time to open. I would be grateful for any help. I am attaching the log.

Logfile of HijackThis v1.99.1

Scan saved at 13:20:24, on 2006-09-07

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\autoclk.exe

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\program files\ssantydialer\ssantydialer.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\svcchost.exe

C:\WINDOWS\System32\w?aclt.exe

C:\Program Files\File Sharing Revolution\Shareaza.exe

C:\Program Files\Save\Save.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe

C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Ewa\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {0634A1E8-2B3F-30C8-0681-30B8FBC0A4FC} - C:\WINDOWS\System32\zvwlm.dll

O2 - BHO: (no name) - {117520BD-F935-B1C1-00C1-E4D5BDA6B3FA} - C:\WINDOWS\System32\etzoun.dll (file missing)

O2 - BHO: (no name) - {19E83753-EEDB-FD72-EAFF-F7642659BDFE} - C:\WINDOWS\System32\bejqb.dll (file missing)

O2 - BHO: (no name) - {25545FDA-D100-9CA6-6F77-9F02C0D181AF} - C:\WINDOWS\System32\hejmfms.dll (file missing)

O2 - BHO: (no name) - {2CF1CBBA-1C6B-0D99-0441-0C9B397D8FAB} - C:\WINDOWS\System32\tlecpwyi.dll (file missing)

O2 - BHO: (no name) - {331991E8-060C-05FC-2BB1-0095CBF089CC} - C:\WINDOWS\System32\zvwlm.dll

O2 - BHO: (no name) - {361993E8-060F-73FC-2BB5-7695CF8689C9} - C:\WINDOWS\System32\zvwlm.dll

O2 - BHO: (no name) - {5362AFE9-743F-61CA-0681-30B8FBC0A4FD} - C:\WINDOWS\System32\zvwlm.dll

O2 - BHO: (no name) - {634F9DE9-590F-22FE-2BB5-7695CF8689C8} - C:\WINDOWS\System32\zvwlm.dll

O2 - BHO: (no name) - {664F9FE9-590C-54FE-2BB1-0095CBF089CD} - C:\WINDOWS\System32\zvwlm.dll

O2 - BHO: (no name) - {9FC3BAE3-3E35-7E96-5A64-7EEC5E6160FA} - C:\WINDOWS\System32\kzn.dll (file missing)

O2 - BHO: (no name) - {A3222D4C-FD9D-BF3E-F43E-BB80E88B0CF4} - C:\WINDOWS\System32\vuejwqjq.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: (no name) - {C8797F42-AD98-EF61-FE7E-BF30B37168F7} - C:\WINDOWS\System32\zsrene.dll (file missing)

O2 - BHO: (no name) - {D336A271-73F7-6651-CCED-66EDFEA671A4} - C:\WINDOWS\System32\xrlga.dll (file missing)

O2 - BHO: (no name) - {DB8694A3-407C-0F8A-4535-5B9E198925F7} - C:\WINDOWS\System32\afyzhk.dll (file missing)

O2 - BHO: (no name) - {F58685CD-044E-45B4-73F6-47EF4ED002A3} - C:\WINDOWS\System32\aeyc.dll (file missing)

O2 - BHO: (no name) - {FBF0A3AA-7025-31D3-4BF5-3788685B08A3} - C:\WINDOWS\System32\ybfhbi.dll (file missing)

O3 - Toolbar: iCompanion - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ICOMPA~1\TOOLBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [SSAntyDialer] "c:\program files\ssantydialer\ssantydialer.exe" tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.dll

O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\xuodeszm.exe

O4 - HKLM\..\Run: [Msn Patch] msndp.exe

O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [msconfig38] mssvcc.exe

O4 - HKLM\..\Run: [secures23] mssecure.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Msn Patch] msndp.exe

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\RunServices: [secures23] mssecure.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKCU\..\Run: [Kaoy] C:\WINDOWS\System32\w?aclt.exe

O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\File Sharing Revolution\Shareaza.exe" -tray

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &RSDN Search - res://C:\PROGRA~1\ICOMPA~1\TOOLBAR.DLL/GoRSDN.dll.htm

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O15 - Trusted Zone: *.gateone.ath.cx

O15 - Trusted Zone: *.loudcash.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.zangocash.com

O15 - Trusted Zone: *.gateone.ath.cx (HKLM)

O15 - Trusted Zone: *.loudcash.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.zangocash.com (HKLM)

O16 - DPF: Win32 Classes - 

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:\nosuch.mht!http://62.111.159.90/sc12/x.chm::/open.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab

O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/pt.chm::/toolbar.exe

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127651454577

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab

O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (Modem Access) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/accessmul.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{14CF9ADA-A5F2-4029-B558-60B91D8F23E6}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{14CF9ADA-A5F2-4029-B558-60B91D8F23E6}: NameServer = 194.204.152.34 217.98.63.164

O18 - Protocol: bw+0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {EDD512B5-E382-476D-9B74-DF47E9A5B1CC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

(Ferdek31) #2

You have a virus:

A Trojan horse that steals information from the infected computer.

When run, it creates the following files in the folder C:\Program Files\Common Files\Microsoft Shared\Web Folders:

ibm00003.dll,

ibm00001.exe,

ibm00004.dll.

To run at every system startup, it creates the registry entry:

"Shell" = "ibm00001.exe"

in the location:

HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run

It also modifies the "Shell" entry in the location:

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon

adding the file ibm00001.exe to it, preceded by a large number of spaces, so that it is not visible that the entry has been modified.

Delete all the ibm 0000x files and remove the registry entries.
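
The Winlogon "Shell" change described in post #2, turned into a check that can be run over a HijackThis log or a raw registry value. This is an added example, not part of the original thread; the function names, the 8-character padding threshold and the padded sample value are assumptions made for the illustration.

```python
import ntpath
import re

DEFAULT_SHELL = "explorer.exe"
# Assumed threshold: a run of 8+ spaces/tabs counts as padding meant to push
# an appended program out of the visible part of a registry editor column.
PAD_RUN = re.compile(r"[ \t]{8,}")
# A token is either a quoted path or a bare word.
TOKEN = re.compile(r'"[^"]*"|[^\s,"]+')
# HijackThis 1.99.1 reports a non-default Winlogon Shell as an F2 line.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.MULTILINE)

# Sample input: the F2 line is the one from the log in post #1; the O4 line
# is included only to show that unrelated lines are ignored.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
'''

# Constructed value showing the space padding that post #2 describes.
PADDED_VALUE = "Explorer.exe" + " " * 200 + "ibm00001.exe"


def audit_shell_value(value):
    """Inspect one Winlogon Shell value.

    padded   - the value contains a long whitespace run
    replaced - the first program is not explorer.exe
    extra    - everything listed after the first program (needs review)
    """
    programs = [t.strip('"') for t in TOKEN.findall(value)]
    first = ntpath.basename(programs[0]).lower() if programs else ""
    return {
        "padded": bool(PAD_RUN.search(value)),
        "replaced": first != DEFAULT_SHELL,
        "extra": programs[1:],
    }


def audit_log(log_text):
    """Return (shell_value, findings) for every F2 Shell line in a log."""
    results = []
    for match in F2_SHELL.finditer(log_text):
        value = match.group(1).rstrip()
        results.append((value, audit_shell_value(value)))
    return results


if __name__ == "__main__":
    for value, findings in audit_log(SAMPLE_LOG):
        print("log entry:", findings)
    print("padded value:", audit_shell_value(PADDED_VALUE))
```

A clean value yields `padded=False`, `replaced=False` and an empty `extra` list; anything else is worth checking against the file on disk before the entry is fixed.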


(Bbieniol) #3

Use Windows Worms Doors Cleaner and change the indicators from disable to enable (if any indicators are yellow, leave them that way). After using this tool, a system restart is required.

Start --> Run --> services.msc --> stop and disable the Win32Sr service

In safe mode, with System Restore turned off, remove the following (entries with HijackThis, files/folders marked in red manually from the disk):

You can uninstall Desktop Messenger from Logitech :)

Scan with EWIDO after updating it :)

After these steps, post a new HijackThis log + a log from Silent Runners


(Lusesitka) #4

Could I ask for more detailed information about System Restore in safe mode (i.e. how to do it and what needs to be done)... thank you in advance


(Bbieniol) #5

Turn off System Restore:

Start safe mode:

Then do everything the way I wrote :)