Złapałem jakieś dziadostwo i sam sobie z tym nie poradzę, dlatego prosiłbym o pomoc.
Oto skan z Nod’a32 (całego nie wklejałem, tylko wykryte infekcje):
Skan z HiJackThis:
Logfile of HijackThis v1.99.1 Scan saved at 19:29:27, on 2007-01-25 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\SOUNDMAN.EXE D:\Programy\PowerDVD\PDVDServ.exe D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Creative\Mouse Optical\mouse_2k.exe D:\Programy\Eset\nod32kui.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\alg.exe d:\Programy\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe d:\Programy\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe D:\Programy\Firefox\firefox.exe D:\Programy\Gadu-Gadu\gg.exe C:\Documents and Settings\Grzesiek\Pulpit\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=d:\programy\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] d:\Programy\PowerDVD\PDVDServ.exe O4 - HKLM…\Run: [LanguageShortcut] d:\Programy\PowerDVD\Language\Language.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM…\Run: [AWMON] “D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe” O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe O4 - HKLM…\Run: [nod32kui] “d:\Programy\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [bitTorrent] “d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programy\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Programy\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Programy\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Windows Messenger - Unknown owner - C:\WINDOWS\msnmsgr.exe (file missing)
i Sillent Runners:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “BitTorrent” = ““d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “RemoteControl” = “d:\Programy\PowerDVD\PDVDServ.exe” [“Cyberlink Corp.”] “LanguageShortcut” = “d:\Programy\PowerDVD\Language\Language.exe” [null data] “NWEReboot” = “(empty string)” [file not found] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “PCSuiteTrayApplication” = “D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”] “AWMON” = ““D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe”” [“Lavasoft Sweden”] “CreativeMouse” = “C:\Program Files\Creative\Mouse Optical\mouse_2k.exe” [empty string] “nod32kui” = ““d:\Programy\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “D:\Programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “D:\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “load” = “d:\programy\YDPDict\watch.exe” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “D:\Programy\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Startup items in “Grzesiek” & “All Users” startup folders: ---------------------------------------------------------- C:\Documents and Settings\Grzesiek\Menu Start\Programy\Autostart “Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “D:\Programy\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 12 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11, 13 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\Cyberlink\Shared files\RichVideo.exe”” [empty string] NOD32 Kernel Service, NOD32krn, ““d:\Programy\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] PC Tools Spyware Doctor, SDhelper, “d:\Programy\Spyware Doctor\sdhelp.exe” [“PC Tools Research Pty Ltd”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt09\Driver = “hpzsnt09.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 52 seconds. ---------- (total run time: 295 seconds)
adam9870
(adam9870)
25 Styczeń 2007 19:35
#2
Przeskanuj plik na stronie http://virusscan.jotti.org/ , a jeśli okaże się szkodnikiem to start >>> uruchom >>> services.msc => zatrzymaj i wyłącz usługę Windows Messenger. Następnie plik skasuj ręcznie z dysku będąc w trybie awaryjnym, a wpisy HJT.
Spyware Doctor jest programem wątpliwej reputacji dlatego proponuję go usunąć. Sposób usunięcia jest podany tutaj:
http://forum.dobreprogramy.pl/viewtopic … 332#791332
Możesz wrzucić jeszcze log z ComboFix , ponieważ mogą być jeszcze jakieś pliki z losową nazwą podobne do tych wykrytych przez NOD’a. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.
adam9870:
Cytat: O23 - Service: Windows Messenger - Unknown owner - C:\WINDOWS\msnmsgr.exe (file missing) Przeskanuj plik na stronie http://virusscan.jotti.org/ , a jeśli okaże się szkodnikiem to start >>> uruchom >>> services.msc => zatrzymaj i wyłącz usługę Windows Messenger. Następnie plik skasuj ręcznie z dysku będąc w trybie awaryjnym, a wpisy HJT.
Nie mogę go przeskanować ponieważ “(file missing)” <- nie ma go!!
A tutaj skany:
NOD32
Czysto (trochę nim poskanowałem, poleczyłem i jest OK narazie).
HJT
Logfile of HijackThis v1.99.1 Scan saved at 21:52:40, on 2007-01-25 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\SOUNDMAN.EXE D:\Programy\PowerDVD\PDVDServ.exe D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Creative\Mouse Optical\mouse_2k.exe D:\Programy\Eset\nod32kui.exe C:\WINDOWS\System32\ctfmon.exe d:\Programy\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\WINDOWS\System32\svchost.exe D:\Programy\Firefox\firefox.exe D:\Programy\Eset\nod32.exe C:\Documents and Settings\Grzesiek\Pulpit\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=d:\programy\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] d:\Programy\PowerDVD\PDVDServ.exe O4 - HKLM…\Run: [LanguageShortcut] d:\Programy\PowerDVD\Language\Language.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM…\Run: [AWMON] “D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe” O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe O4 - HKLM…\Run: [nod32kui] “d:\Programy\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [bitTorrent] “d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programy\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Programy\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Silent Runners
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “BitTorrent” = ““d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “RemoteControl” = “d:\Programy\PowerDVD\PDVDServ.exe” [“Cyberlink Corp.”] “LanguageShortcut” = “d:\Programy\PowerDVD\Language\Language.exe” [null data] “NWEReboot” = “(empty string)” [file not found] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “PCSuiteTrayApplication” = “D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”] “AWMON” = ““D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe”” [“Lavasoft Sweden”] “CreativeMouse” = “C:\Program Files\Creative\Mouse Optical\mouse_2k.exe” [empty string] “nod32kui” = ““d:\Programy\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “D:\Programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “D:\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “load” = “d:\programy\YDPDict\watch.exe” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “D:\Programy\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Startup items in “Grzesiek” & “All Users” startup folders: ---------------------------------------------------------- C:\Documents and Settings\Grzesiek\Menu Start\Programy\Autostart “Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “D:\Programy\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 12 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11, 13 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\Cyberlink\Shared files\RichVideo.exe”” [empty string] NOD32 Kernel Service, NOD32krn, ““d:\Programy\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt09\Driver = “hpzsnt09.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 224 seconds, including 3 seconds for message boxes)
Combofix
“Grzesiek” - 07-01-25 21:58:22 Dodatek Service Pack. 1 ComboFix 07-01-25 - Running from: “C:\Documents and Settings\Grzesiek\Pulpit\HijackThis” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32~.exe ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 21:09 2007-01-25 19:23 2007-01-19 22:39 2007-01-19 22:39 2007-01-18 22:05 2007-01-18 22:05 2007-01-18 22:03 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll 2007-01-18 22:03 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-01-18 22:03 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll 2007-01-18 21:58 286,720 --a------ C:\WINDOWS\iun507.exe 2007-01-10 16:35 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-01-10 16:35 270,336 --a------ C:\WINDOWS\system32\imon.dll 2007-01-07 16:41 65,536 --a------ C:\WINDOWS\system32\BitSys.dll 2007-01-07 16:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-01-07 16:04 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-23 17:22 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\skype 2007-01-21 19:57 -------- d—s---- C:\DOCUME~1\Grzesiek\Dane aplikacji\microsoft 2007-01-15 21:11 -------- d-------- C:\Program Files\hero editor 2007-01-07 16:43 73216 --a------ C:\WINDOWS\st6unst.exe 2006-12-05 23:06 249856 --------- C:\WINDOWS\setup1.exe 2006-12-04 01:21 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll 2006-12-04 01:18 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll 2006-12-04 01:18 17212 --a----t- C:\WINDOWS\system32\sintf32.dll 2006-12-04 01:18 12067 --a----t- C:\WINDOWS\system32\sintf16.dll 2006-12-04 01:17 2829 --a------ C:\WINDOWS\diiunin.pif 2006-12-04 01:17 106496 --a------ C:\WINDOWS\diiunin.exe 2006-12-03 21:00 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\adobe 2006-12-03 18:25 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\nokia multimedia player 2006-12-02 21:15 17216 --a------ C:\DOCUME~1\Grzesiek\Dane aplikacji\gdipfontcachev1.dat 2006-11-30 17:07 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\identities 2006-11-30 15:47 -------- d-------- C:\Program Files\Common Files\adobe 2006-11-30 15:43 -------- d-------- C:\Program Files\Common Files\adobe systems shared 2006-11-21 22:30 65536 --a------ C:\WINDOWS\dtdraw.dll 2006-10-31 19:28 60416 --a------ C:\WINDOWS\alcfdrtm.exe 2006-10-31 19:15 0 -rahs---- C:\MSDOS.SYS 2006-10-31 19:15 0 -rahs---- C:\IO.SYS 2006-10-31 19:15 0 --a------ C:\CONFIG.SYS 2006-10-31 19:15 0 --a------ C:\AUTOEXEC.BAT 2006-10-31 18:53 62 --ahs---- C:\DOCUME~1\Grzesiek\Dane aplikacji\desktop.ini (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “BitTorrent”="“d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “RemoteControl”=“d:\Programy\PowerDVD\PDVDServ.exe” “LanguageShortcut”=“d:\Programy\PowerDVD\Language\Language.exe” “NWEReboot”="" “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “PCSuiteTrayApplication”=“D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” “AWMON”="“D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe”" “CreativeMouse”=“C:\Program Files\Creative\Mouse Optical\mouse_2k.exe” “nod32kui”="“d:\Programy\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Completion time: 07-01-25 21:58:59
adam9870
(adam9870)
25 Styczeń 2007 21:13
#4
W tej wersji hijacka jest błąd polegający na tym, że wpisy O23 mimo, że są to pokazuje je jako (file missing).
Usuń folder ręcznie z dysku.
Poza tym w logu ComboFix widzę:
przeskanuj je na stronie http://www.virustotal.com/ lub http://virusscan.jotti.org/ i te, które okażą się szkodnikami - usuń ręcznie w trybie awaryjnym i pokaż nowy log.
Jednak nie potrafię znaleźć takiego pliku tam gdzie pokazuje HJT i w żadnym innym miejscu może jednak go nie ma.
Usunięte
Wykazało że pliki nieszkodliwe (są to niby pliki z DiabloII uninstall) ale wywaliłem.
A teraz logi:
NOD32
HJT
Logfile of HijackThis v1.99.1 Scan saved at 22:51:16, on 2007-01-25 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\SOUNDMAN.EXE D:\Programy\PowerDVD\PDVDServ.exe D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Creative\Mouse Optical\mouse_2k.exe D:\Programy\Eset\nod32kui.exe C:\WINDOWS\System32\ctfmon.exe d:\Programy\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe D:\Programy\Winamp\winamp.exe D:\Programy\Gadu-Gadu\gg.exe D:\Programy\Firefox\firefox.exe D:\Programy\Eset\nod32.exe C:\Documents and Settings\Grzesiek\Pulpit\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] d:\Programy\PowerDVD\PDVDServ.exe O4 - HKLM…\Run: [LanguageShortcut] d:\Programy\PowerDVD\Language\Language.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM…\Run: [AWMON] “D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe” O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe O4 - HKLM…\Run: [nod32kui] “d:\Programy\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [bitTorrent] “d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programy\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Programy\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Silent Runners
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “BitTorrent” = ““d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “RemoteControl” = “d:\Programy\PowerDVD\PDVDServ.exe” [“Cyberlink Corp.”] “LanguageShortcut” = “d:\Programy\PowerDVD\Language\Language.exe” [null data] “NWEReboot” = “(empty string)” [file not found] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “PCSuiteTrayApplication” = “D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”] “AWMON” = ““D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe”” [“Lavasoft Sweden”] “CreativeMouse” = “C:\Program Files\Creative\Mouse Optical\mouse_2k.exe” [empty string] “nod32kui” = ““d:\Programy\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “D:\Programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “D:\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “D:\Programy\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “d:\Programy\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “d:\Programy\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Startup items in “Grzesiek” & “All Users” startup folders: ---------------------------------------------------------- C:\Documents and Settings\Grzesiek\Menu Start\Programy\Autostart “Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “D:\Programy\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 12 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11, 13 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\Cyberlink\Shared files\RichVideo.exe”” [empty string] NOD32 Kernel Service, NOD32krn, ““d:\Programy\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt09\Driver = “hpzsnt09.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 516 seconds, including 5 seconds for message boxes)
Combofix
“Grzesiek” - 07-01-25 23:01:55 Dodatek Service Pack. 1 ComboFix 07-01-25 - Running from: “C:\Documents and Settings\Grzesiek\Pulpit\HijackThis” ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 21:09 2007-01-19 22:39 2007-01-19 22:39 2007-01-18 22:05 2007-01-18 22:05 2007-01-18 22:03 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll 2007-01-18 22:03 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-01-18 22:03 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll 2007-01-18 21:58 286,720 --a------ C:\WINDOWS\iun507.exe 2007-01-10 16:35 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-01-10 16:35 270,336 --a------ C:\WINDOWS\system32\imon.dll 2007-01-07 16:41 65,536 --a------ C:\WINDOWS\system32\BitSys.dll 2007-01-07 16:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-01-07 16:04 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-23 17:22 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\skype 2007-01-21 19:57 -------- d—s---- C:\DOCUME~1\Grzesiek\Dane aplikacji\microsoft 2007-01-15 21:11 -------- d-------- C:\Program Files\hero editor 2007-01-07 16:43 73216 --a------ C:\WINDOWS\st6unst.exe 2006-12-05 23:06 249856 --------- C:\WINDOWS\setup1.exe 2006-12-04 01:21 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll 2006-12-04 01:18 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll 2006-12-04 01:18 17212 --a----t- C:\WINDOWS\system32\sintf32.dll 2006-12-04 01:18 12067 --a----t- C:\WINDOWS\system32\sintf16.dll 2006-12-03 21:00 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\adobe 2006-12-03 18:25 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\nokia multimedia player 2006-12-02 21:15 17216 --a------ C:\DOCUME~1\Grzesiek\Dane aplikacji\gdipfontcachev1.dat 2006-11-30 17:07 -------- d-------- C:\DOCUME~1\Grzesiek\Dane aplikacji\identities 2006-11-30 15:47 -------- d-------- C:\Program Files\Common Files\adobe 2006-11-30 15:43 -------- d-------- C:\Program Files\Common Files\adobe systems shared 2006-11-21 22:30 65536 --a------ C:\WINDOWS\dtdraw.dll 2006-10-31 19:28 60416 --a------ C:\WINDOWS\alcfdrtm.exe 2006-10-31 19:15 0 -rahs---- C:\MSDOS.SYS 2006-10-31 19:15 0 -rahs---- C:\IO.SYS 2006-10-31 19:15 0 --a------ C:\CONFIG.SYS 2006-10-31 19:15 0 --a------ C:\AUTOEXEC.BAT 2006-10-31 18:53 62 --ahs---- C:\DOCUME~1\Grzesiek\Dane aplikacji\desktop.ini (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “BitTorrent”="“d:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “RemoteControl”=“d:\Programy\PowerDVD\PDVDServ.exe” “LanguageShortcut”=“d:\Programy\PowerDVD\Language\Language.exe” “NWEReboot”="" “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “PCSuiteTrayApplication”=“D:\Programy\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” “AWMON”="“D:\Programy\Ad-Aware SE Professional\Ad-Watch.exe”" “CreativeMouse”=“C:\Program Files\Creative\Mouse Optical\mouse_2k.exe” “nod32kui”="“d:\Programy\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Completion time: 07-01-25 23:02:35
A teraz taka mała dygresja.
Czy Windows jest systemem dla każdego?? Wielu ludzi twierdzi że to Linux sprawia wiele problemów, trudności itp. Gdybym miał przeliczyć czas i nerwy jakie straciłem przy Windowsie to byłoby tego naprawdę sporo Czasami świerzo po instalacji systemu wwala się masa jakiegoś robactwa (nawet sterowników nie zdążę poinstalować ) i niech mi nikt nie mówi że przeciętny użytkownik sobie z tym poradzi Do tego dosyć częste krótkie zwisy (bez skojarzeń) i wiele innych. Windows nie jest systemem dla przysłowiowego Kowalskiego (chyba że ma on kupę kasy na servis w najbliższym komputerowym lub dobrego znajomego, który się już poznał na produkcie MS).
Na drugim HD mam Kubuntu, nigdy mi się nie zawiesił, żadnych problemów z wirusami, trojanami i innym robactwem (ale pewnie to jest tylko kwestia czasu). Doprowadziłem go do stanu w którym miałem wszystko to co na windzie prócz drukarki (jakoś nie chciała załapać ale wiem że działa) i oczywiście wszelkiego rodzaju software’u robionego pod Windowsa (większość działa przez emulatora ). Miejmy tylko nadzieję że w przyszłości wszelkiego rodzaju programy i gry będą robione także pod Pingwina.
Może trochę przesadziłem
Z góry WIELKIE dzięki za pomoc.
P.S. Sorki za błędy, brak składu i ładu.
adam9870
(adam9870)
25 Styczeń 2007 22:52
#6
Logi są ok.
Poruszyłeś bardzo dyskusyjny temat dotyczący wyboru systemu operacyjnego - Windows czy Linux? Cóż, moim zdaniem Windows jest jednak systemem dla przeciętnego Kowalskiego ale jeśli umie wykonywać podstawowe czynności w systemie etc. Czyli wie jak np. tworzy się foldery, tworzy się różnego rodzaju pliki, umie instalować nowe programy i zna ogólne zasady korzystania z internetu i komputera. Do takich czynności Windows powinien wystarczyć i nie sprawiać wielu problemów ale co innego jeśli chodzi o bezpieczeństwo, ponieważ o to trzeba już osobiście zadbać i odpowiednio zainstalować system (wtyczka od kabelka telefonicznego od internetu z gniazdka), na bieżąco instalować wszelkie wydawane przez producenta systemu - Microsoft poprawki bezpieczeństwa, pozamykać porty robakom, a nawet czasami samemu powalczyć z syfem. Oczywiście w Linuxie można mieć to samo, ale niestety tam jest nieco gorzej z profesjonalnymi programami graficznymi jak np. Adobe Photoshop czy Corel Paint Shop Pro… Ale do wykonywania podstawowych czynności oba systemy moim zdaniem nadają się mniej więcej tak samo dobre.