Z mojego kompa rozsyłany jest spam?! Pomocy: jak TO wyrzucić

gaba · 28 Czerwiec 2006 06:34

Witam

Proszę o pomoc, bo ostatnio mój operator internetowy zgłosił mi, że z mojego kompa rozsyłany jest spam. Chyba coś się zagnieździło a ja nie potrafię tego znaleźć. Od jakiegoś czasu otrzymuję pocztą jakieś dziwne maile, których nigdy nie otwierałam i od razu wyrzucałam. Jeszcze niedawno używałam nortona antywirusa. Teraz mam avast. Ani poprzedni ani ten ten aktualnie zainstalowany program antywirusowy nic nie znajdują.

Proszę o jakieś sugestie. Tylko proszę jak krowie na miedzy, bo jestem księgową i na podatkach się znam, ale na komputerach to już mocno średnio, czyli totalna amatorszczyzna.

Pozdrawiam

Monczkin · 28 Czerwiec 2006 06:36

gaba na początek przeczytaj ten temat http://forum.dobreprogramy.pl/viewtopic.php?t=36654 i wklej loga

gaba · 28 Czerwiec 2006 06:54

Wklejam loga (mam nadzieję, że nic nie spartoliłam, ale naprawdę się starałam robić wszystko zgodnie ze wskazówkami):

Logfile of HijackThis v1.99.1 Scan saved at 08:54:29, on 2006-06-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\LManager.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\PDFSaver.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\WINDOWS\system32\hpzipm12.exe C:\WINDOWS\system32\svchost.exe C:\Symfonia\HkServer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Symfonia\Amfk.exe C:\Symfonia\W32MKDE.EXE C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\GABA\USTAWI~1\Temp\Katalog tymczasowy 2 dla hijackthis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infor.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [LaunchApp] Alaunch O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM…\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM…\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.EXE O4 - HKLM…\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM…\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM…\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM…\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM…\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM…\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [OpwareSE2] “C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - HKCU…\Run: [spamihilator] “C:\Program Files\Spamihilator\spamihilator.exe” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Symfonia® PDF.lnk = C:\WINDOWS\system32\PDFSaver.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{A8D7FC74-2538-46C7-BC07-7C00AD8F36CD}: NameServer = 192.168.50.254,81.219.100.1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe O23 - Service: SYMFONIA® Serwer Kluczy Sprzętowych (SymfoniaNetKey) - Sage Symfonia sp. z o.o. - C:\Symfonia\HkServer.exe

Gutek · 28 Czerwiec 2006 07:37

tego nie znam co to za program?

filuniu · 28 Czerwiec 2006 08:10

to pakiet programów księgowych / kasowych

gaba · 28 Czerwiec 2006 08:11

To jest klucz do wprowadzania kodu aktywacyjnego programu ksiegowego Symfonia

Gutek · 28 Czerwiec 2006 08:16

gaba nic nie iwdać, daj log z Silenta oraz użyj skanerów online - Skanery do wyboru

gaba · 28 Czerwiec 2006 08:30

Log z Silenta

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [“o2.pl Sp. z o.o.”] “Spamihilator” = ““C:\Program Files\Spamihilator\spamihilator.exe”” [“Michel Krämer”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “LaunchApp” = “Alaunch” [“Acer Inc.”] “IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”] “HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “AGRSMMSG” = “AGRSMMSG.exe” [“Agere Systems”] “LtMoh” = “C:\Program Files\ltmoh\Ltmoh.exe” [“Agere Systems”] “SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS] “MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data] “PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS] “PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS] “EPM-DM” = “c:\acer\epm\epm-dm.exe” [“Acer Inc”] “ePowerManagement” = “C:\Acer\ePM\ePM.exe boot” [“Acer Value Labs, Taiwan”] “LManager” = “C:\PROGRA~1\LAUNCH~1\LManager.EXE” [“Dritek System Inc.”] “zBrowser Launcher” = “C:\Program Files\Logitech\iTouch\iTouch.exe” [“Logitech Inc.”] “Logitech Utility” = “Logi_MwX.Exe” [“Logitech Inc.”] “mmtask” = “c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe” ["TODO: "] “MMTray” = “C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe” [“MUSICMATCH, Inc.”] “StatusClient 2.6” = “C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto” [“Hewlett-Packard”] “TomcatStartup 2.5” = “C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe” [“Hewlett-Packard”] “OrderReminder” = “C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe” [“Hewlett-Packard”] “HP Software Update” = “C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “OpwareSE2” = ““C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”” [“ScanSoft, Inc.”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

adam9870 · 28 Czerwiec 2006 08:31

Log jest ucięty. Poczekaj aż program skończy go robić. Poinforumje wtedy odpowiednim komunikatem i dopiero wtedy wklej go na forum.

gaba · 28 Czerwiec 2006 08:43

Wydaje mi się, że coś jednak musi w moim kompie “siedzieć”, bo juz dwa razy miałam komunikat od dostawcy internetowego, że z mojego kompa rozsyłany jest spam szkodliwy dla innych użytkowników. Pierwszy raz było to ponad miesiąc temu. Potem był przez miesiac spokój i wczoraj znów miałam czasowo zablokowany dostęp do netu z komunikatem ostrzegającym.

Jedynymi niepokojącymi sygnałami poza tym, to były te dziwne maile w j. angielskim. Raz dziennie przychodził co najmniej jeden. Wszystkich adresatów blokowałam i usuwałam maile. Myślę, że to może mieć związek z moim problemem, bo pierwsze ostrzeżenie przyszlo w tym samym czasie, gdy pojawiłay się te dziwne maile. A potem moi znajomi, którym wysyłałam pocztę też zaczęli otzrzymywać podobne dziwne maile. Jedna osoba, która ma zainstalowany avast mówiła mi, że otrzymywała komunikat, że moja poczta jest zainfekowana. Dlaczego więc “mój” avast nic nie znajduje

Złączono Posta : 28.06.2006 (Sro) 10:45

Muszę jeszcze raz zainstalować Silenta, bo pojawia mi się komunikat z błędem. Pewnie dlatego ucina

Myszak · 28 Czerwiec 2006 08:51

Podaj go tutaj

gaba · 28 Czerwiec 2006 08:55

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [“o2.pl Sp. z o.o.”] “Spamihilator” = ““C:\Program Files\Spamihilator\spamihilator.exe”” [“Michel Krämer”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “LaunchApp” = “Alaunch” [“Acer Inc.”] “IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”] “HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “AGRSMMSG” = “AGRSMMSG.exe” [“Agere Systems”] “LtMoh” = “C:\Program Files\ltmoh\Ltmoh.exe” [“Agere Systems”] “SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS] “MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data] “PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS] “PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS] “EPM-DM” = “c:\acer\epm\epm-dm.exe” [“Acer Inc”] “ePowerManagement” = “C:\Acer\ePM\ePM.exe boot” [“Acer Value Labs, Taiwan”] “LManager” = “C:\PROGRA~1\LAUNCH~1\LManager.EXE” [“Dritek System Inc.”] “zBrowser Launcher” = “C:\Program Files\Logitech\iTouch\iTouch.exe” [“Logitech Inc.”] “Logitech Utility” = “Logi_MwX.Exe” [“Logitech Inc.”] “mmtask” = “c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe” ["TODO: "] “MMTray” = “C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe” [“MUSICMATCH, Inc.”] “StatusClient 2.6” = “C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto” [“Hewlett-Packard”] “TomcatStartup 2.5” = “C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe” [“Hewlett-Packard”] “OrderReminder” = “C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe” [“Hewlett-Packard”] “HP Software Update” = “C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “OpwareSE2” = ““C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”” [“ScanSoft, Inc.”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}” = “EPM-PO Shell Extension” -> {HKLM…CLSID} = “EPM-PO Shell Extensions” \InProcServer32(Default) = “epm-po.dll” [“Acer Labs USA”] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Unbind” -> {HKLM…CLSID} = “Microsoft Office Binder Unbind” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\Office\1045\UNBIND.DLL” [MS] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”] INFECTION WARNING! WgaLogon\DLLName = “WgaLogon.dll” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “c:\windows\web\wallpaper\acer.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssstars.scr” [MS] Startup items in “GABA” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Symfonia® PDF” -> shortcut to: “C:\WINDOWS\system32\PDFSaver.exe” [“Tracker Software Products”] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 12 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Notebook Manager Service, anbmService, “C:\Acer\eManager\anbmServ.exe” [“OSA Technologies Inc.”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\system32\hpzipm12.exe” [“HP”] SYMFONIA® Serwer Kluczy Sprzętowych, SymfoniaNetKey, “C:\Symfonia\HkServer.exe” [“Sage Symfonia sp. z o.o.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ HP Capture Driver Monitor BFI\Driver = “hppcappm.dll” [“Hewlett-Packard”] HP Master Monitor\Driver = “HPBMMON.DLL” [“Hewlett-Packard”] Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] PDF-XChange\Driver = “pxc25pm.dll” [“Tracker Software”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 32 seconds, including 18 seconds for message boxes)

Gutek · 28 Czerwiec 2006 09:20

Nic nie widać w log-u.

Scan EWIDO po update

gaba · 28 Czerwiec 2006 10:16

Zeskanowałam i ewido wyrzucił 62 zainfekowane pliki: 1 typu adware a reszta trecking. Mam nadzieję, że to koniec moich kłopotów.

Wielkie dzięki! Gdybyście kiedyś potrzebowali porady ws podatków służę pomocą.

Pozdro