Zainfekowany komp ,-wrrr

Dla specjalistów Bezpieczeństwo
#1

Jak duza liczba uzytkownikow mam prosbe do kogos kto moglby rzucic na to okiem (komp chodzi mi wolo, zmienia strone startowa a ad-aware wciaz znajduje rzeczy typu tradedoubler ,mediaplex,trojan.win32.agent.tz, no i pojawil sie tez need2find i virusburst) PLEASE HELP

:Logfile of HijackThis v1.99.1

Scan saved at 13:47:54, on 2006-11-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM…\Run: [KAVWks50] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe” /minimize /chkas

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe

#2

Proszę poprawić błędy i poprawić posta zgodnie z tematami, w tym dziale, o prawidłowym wklejaniu logów na forum.

#3

Usuń Hijackiem ten wpis:

Zrób skan AVG AntySpyware 7.5 po update :slight_smile:

Przeskanuj komputer programami Ad-aware SE Personal 1.06 oraz Spybot Search & Destroy 1.4

Wrzuć jeszcze log z Silent Runners

#4

Ad-Aware SE Build 1.06r1

Logfile Created on:27 November 2006 14:41:42

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R135 27.11.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):13 total references

Tracking Cookie(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

2006-11-27 14:41:42 - Scan started. (Full System Scan)

MRU List Object Recognized!

Location: : C:\Documents and Settings\john\recent

Description : list of recently opened documents

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

MRU List Object Recognized!

Location: : S-1-5-21-1275210071-1614895754-1801674531-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 624

ThreadCreationTime : 2006-11-27 12:52:55

BasePriority : Normal

#:2 [csrss.exe]

FilePath : ??\C:\WINDOWS\system32\

ProcessID : 680

ThreadCreationTime : 2006-11-27 12:52:58

BasePriority : Normal

#:3 [winlogon.exe]

FilePath : ??\C:\WINDOWS\system32\

ProcessID : 704

ThreadCreationTime : 2006-11-27 12:53:00

BasePriority : High

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 752

ThreadCreationTime : 2006-11-27 12:53:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 764

ThreadCreationTime : 2006-11-27 12:53:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 912

ThreadCreationTime : 2006-11-27 12:53:06

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1020

ThreadCreationTime : 2006-11-27 12:53:08

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:8 [msmpeng.exe]

FilePath : C:\Program Files\Windows Defender\

ProcessID : 1120

ThreadCreationTime : 2006-11-27 12:53:09

BasePriority : Normal

FileVersion : 1.1.1347.0

ProductVersion : 1.1.1347.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1176

ThreadCreationTime : 2006-11-27 12:53:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1272

ThreadCreationTime : 2006-11-27 12:53:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1384

ThreadCreationTime : 2006-11-27 12:53:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:12 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1660

ThreadCreationTime : 2006-11-27 12:53:19

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1688

ThreadCreationTime : 2006-11-27 12:53:20

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

#:14 [guard.exe]

FilePath : C:\Program Files\ewido anti-spyware 4.0\

ProcessID : 1972

ThreadCreationTime : 2006-11-27 12:53:28

BasePriority : Normal

FileVersion : 4, 0, 0, 172

ProductVersion : 4, 0, 0, 172

ProductName : ewido anti-spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : ewido anti-spyware guard

InternalName : ewido anti-spywareguard

LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.

OriginalFilename : guard.exe

#:15 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1100

ThreadCreationTime : 2006-11-27 12:53:42

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

#:16 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 164

ThreadCreationTime : 2006-11-27 12:54:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

#:17 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 3032

ThreadCreationTime : 2006-11-27 13:57:19

BasePriority : Normal

FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)

ProductVersion : 7.00.5730.11

ProductName : Windows® Internet Explorer

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

#:18 [tlen.exe]

FilePath : C:\Program Files\Tlen.pl\

ProcessID : 3676

ThreadCreationTime : 2006-11-27 13:59:01

BasePriority : Normal

FileVersion : 6.0.1.6

ProductVersion : 6.0.1.6

ProductName : Komunikator Tlen.pl

CompanyName : o2.pl Sp. z o.o.

FileDescription : Komunikator Tlen.pl

LegalCopyright : © 1999-2006 o2.pl Sp. z o.o.

LegalTrademarks : Tlen jest znakiem towarowym prawnie chronionym

OriginalFilename : Tlen.exe

#:19 [winamp.exe]

FilePath : C:\Program Files\Winamp\

ProcessID : 3316

ThreadCreationTime : 2006-11-27 13:59:26

BasePriority : Normal

FileVersion : 5,2,4,703

ProductVersion : 5.2.4.703

ProductName : Winamp

CompanyName : Nullsoft

FileDescription : Winamp

InternalName : WINAMP

LegalCopyright : Copyright © 1997-2006, Nullsoft

LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.

OriginalFilename : Winamp.exe

Comments : Visit http://www.winamp.com/ for updates.

#:20 [msnmsgr.exe]

FilePath : C:\Program Files\MSN Messenger\

ProcessID : 520

ThreadCreationTime : 2006-11-27 14:01:28

BasePriority : Normal

FileVersion : 7.5.0324

ProductVersion : 7.5.0324

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

#:21 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3868

ThreadCreationTime : 2006-11-27 14:41:21

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : john@adserver.o2[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:john@adserver.o2.pl/

Expires : 2009-07-26 19:20:14

LastSync : Hits:1

UseCount : 0

Hits : 1

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 14

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

Scanning Hosts file…

Hosts file location:“C:\WINDOWS\system32\drivers\etc\hosts”.

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

4546 entries scanned.

New critical objects:0

Objects found so far: 14

Performing conditional scans…

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

14:50:24 Scan Complete

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:08:41.484

Objects scanned:118380

Objects identified:1

Objects ignored:0

New critical objects:1

#5

Gdzie log z Silenta?

#6

z silenta juz sie bedzie robil - 27.11.2006 15:07:37 - ##### check started #####

27.11.2006 15:07:37 - ### Version: 1.4

27.11.2006 15:07:37 - ### Date: 2006-11-27 15:07:37

27.11.2006 15:07:38 - ##### checking bots #####

27.11.2006 15:14:06 - found: Microsoft.WindowsSecurityCenter.AntiVirusOverride Ustawienia

27.11.2006 15:18:30 - ##### checking usage tracking #####

27.11.2006 15:18:30 - found: Common Dialogs History 4 files

27.11.2006 15:18:31 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt

27.11.2006 15:18:31 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log

27.11.2006 15:18:31 - found: Log Shutdown: System32\wbem\logs\wbemprox.log System32\wbem\logs\wbemprox.log

27.11.2006 15:18:31 - found: Log Shutdown: System32\wbem\logs\wmiprov.log System32\wbem\logs\wmiprov.log

27.11.2006 15:18:31 - found: Ahead Nero Burning Rom Browser directory

27.11.2006 15:18:31 - found: Ahead Nero Burning Rom Working directory

27.11.2006 15:18:31 - found: Ahead Nero Burning Rom Last ISO directory

27.11.2006 15:18:32 - found: Internet Explorer Download directory

27.11.2006 15:18:32 - found: MS Management Console Recent command list 1 plików

27.11.2006 15:18:32 - found: MS Media Player Recent file list 1 plików

27.11.2006 15:18:33 - found: MS Media Player Anonymous ID

27.11.2006 15:18:33 - found: MS Direct3D Most recent application

27.11.2006 15:18:33 - found: MS DirectDraw Most recent application

27.11.2006 15:18:34 - found: MS Office 11.0 (Excel) Recent file list 1 plików

27.11.2006 15:18:34 - found: MS Office 11.0 (Word) Recent file list

27.11.2006 15:18:34 - found: MS Regedit Recent open key

27.11.2006 15:18:34 - found: MS Search Assistant Typed search terms history

27.11.2006 15:18:35 - found: Windows.OpenWith Open with list - .BMP extension 4 plików

27.11.2006 15:18:35 - found: Windows Explorer Recent wallpaper list 501 plików

27.11.2006 15:18:35 - found: Windows Explorer Stream history 4 plików

27.11.2006 15:18:35 - found: Windows Explorer User Assistant history IE 6 plików

27.11.2006 15:18:35 - found: Windows Explorer User Assistant history files 64 plików

27.11.2006 15:18:36 - found: Windows Explorer Last visited history 2 plików

27.11.2006 15:18:36 - found: Windows Explorer Recent file global history

27.11.2006 15:18:36 - found: Windows Media SDK Computer name

27.11.2006 15:18:36 - found: Windows Media SDK Computer name

27.11.2006 15:18:36 - found: Windows Media SDK Computer name

27.11.2006 15:18:36 - found: Windows Media SDK Unique ID

27.11.2006 15:18:36 - found: Windows Media SDK Volume serial number

27.11.2006 15:18:36 - found: WinRAR Last used directory

27.11.2006 15:18:36 - found: Cookie Cookie (23)

27.11.2006 15:18:36 - found: Cache Bufor (950)

27.11.2006 15:18:37 - ##### check finished #####

— Report generated: 2006-11-27 15:18 —

Microsoft.WindowsSecurityCenter.AntiVirusOverride: Ustawienia (Zmiany w rejestrze, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Common Dialogs: History (4 files) (Klucz rejestru, nothing done)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Plik kopii zapasowej, nothing done)

C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Plik kopii zapasowej, nothing done)

C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Plik kopii zapasowej, nothing done)

C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Plik kopii zapasowej, nothing done)

C:\WINDOWS\System32\wbem\logs\wmiprov.log

Ahead Nero Burning Rom: Browser directory (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=

Ahead Nero Burning Rom: Working directory (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=

Ahead Nero Burning Rom: Last ISO directory (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\ahead\Nero - Burning Rom\General\OFDLastISODir!=

Internet Explorer: Download directory (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Internet Explorer\Download Directory!=

MS Management Console: Recent command list (1 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Recent file list (1 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: Anonymous ID (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Zmiany w rejestrze, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Zmiany w rejestrze, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Office 11.0 (Excel): Recent file list (1 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Word): Recent file list (Wartość rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: Recent open key (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: Open with list - .BMP extension (4 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.BMP\OpenWithList

Windows Explorer: Recent wallpaper list (501 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Stream history (4 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (6 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (64 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (2 plików) (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: Computer name (Zmiany w rejestrze, nothing done)

HKEY_USERS.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Wartość rejestru, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: Last used directory (Zmiany w rejestrze, nothing done)

HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\WinRAR\General\LastFolder!=

Cookie: Cookie (23) (Cookie, nothing done)

Cache: Bufor (950) (Bufor, nothing done)

— Spybot - Search & Destroy version: 1.4 (build: 20050523) —

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2006-09-06 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2006-02-06 advcheck.dll (1.0.2.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2006-02-20 Tools.dll (2.0.0.2)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2006-11-24 Includes\Cookies.sbi (*)

2006-10-13 Includes\Dialer.sbi (*)

2006-11-24 Includes\DialerC.sbi (*)

2006-11-24 Includes\Hijackers.sbi (*)

2006-11-24 Includes\HijackersC.sbi (*)

2006-10-27 Includes\Keyloggers.sbi (*)

2006-11-24 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2006-10-13 Includes\Malware.sbi (*)

2006-11-24 Includes\MalwareC.sbi (*)

2006-10-20 Includes\PUPS.sbi (*)

2006-11-24 Includes\PUPSC.sbi (*)

2006-11-24 Includes\Revision.sbi (*)

2006-10-13 Includes\Security.sbi (*)

2006-11-24 Includes\SecurityC.sbi (*)

2006-10-13 Includes\Spybots.sbi (*)

2006-11-24 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti (*)

2006-11-24 Includes\Trojans.sbi (*)

2006-11-24 Includes\TrojansC.sbi (*)

Złączono Posta : 27.11.2006 (Pon) 16:29

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“Windows Registry Repair Pro” = “C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4” [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“KAVWks50” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe” /minimize /chkas” [“Kaspersky Lab”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension”

-> {HKLM…CLSID} = “Display Panning CPL Extension”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Universal Plug and Play Devices”

-> {HKLM…CLSID} = “Universal Plug and Play Devices”

\InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [file not found]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook”

-> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook”

\InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS]

<> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0”

-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”

-> {HKLM…CLSID} = “WPDShServiceObj Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]

Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll” [“Kaspersky Lab”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [file not found]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll” [“Kaspersky Lab”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [file not found]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

Złączono Posta : 27.11.2006 (Pon) 16:45

No i przepraszam za dlugi czas wysylania tych logow. Niestety ale moj pc strasznie sie tym zmeczyl. Z tego co zauwazylem i Ad Aware se personal jak i Ewido anti-spyware wciaz co drugi dzien pokazuje jeszcze zainfekowanie przez pliki jak : tradedoubler, mediaplex, trojan.win32.tz no i sporadycznie (juz dwa razy w pzreciagu ostatnich dwoch tygodni) wyszukuje need2find i virusbursta.

Dzieki za ewentualna pomoc i jak cos to gdzie wysylac dobrowolne datki za okazana pomoc :slight_smile:

Złączono Posta : 27.11.2006 (Pon) 17:48

ewido anti-spyware - Scan Report

  • Created at: 16:49:53 2006-11-27

  • Scan result:

C:\Documents and Settings\john\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.

::Report end

Złączono Posta : 27.11.2006 (Pon) 21:41

Wiec moj komputer bedzie chodzil normalnie czy nie ma juz szans by cos z nim zrobic ?

Czym mam go jeszcze zeskanowac by ktos powiedzial co robic ?

#7

Zafixuj to w HJT bo progsa już nie masz.

To nie jest cały Silent > poczekaj na komunikat “Done”.

Ta część jest czysta i raczej nic nowego nie zobaczymy.

Ad-aware wykrywa różne rzeczy bo używasz IE i są to tracking cookie.

Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.

Pozatym przejrzyj: Optymalizacja XP. :slight_smile:

#8

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE - POPRAW! !!

Pozdrawiam Gutek2222

#9

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“NBJ” = ““C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”]

“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS]

“KAVWks50” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe” /minimize /chkas” [“Kaspersky Lab”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension”

-> {HKLM…CLSID} = “Display Panning CPL Extension”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Universal Plug and Play Devices”

-> {HKLM…CLSID} = “Universal Plug and Play Devices”

\InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook”

-> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook”

\InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS]

<> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0”

-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”

-> {HKLM…CLSID} = “WPDShServiceObj Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]

Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll” [“Kaspersky Lab”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll” [“Kaspersky Lab”]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableRegistryTools” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Enabled Scheduled Tasks:

“1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart” [file not found]

“MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{F2CF5485-4E02-4F68-819C-B92DE9277049}”

-> {HKLM…CLSID} = “&Links”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL” [MS]

Miscellaneous IE Hijack Points

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<> “TuneUp” = “file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css” [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, “C:\Program Files\ewido anti-spyware 4.0\guard.exe” [“Anti-Malware Development a.s.”]

Kaspersky Anti-Virus Service, kavsvc, ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe”” [“Kaspersky Lab”]

Windows Defender Service, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 84 seconds, including 18 seconds for message boxes)

_________________

bartek

Powrót do góry

Wyświetl posty z ostatnich: Wszystkie Posty1 Dzień7 Dni2 Tygodnie1 Miesiąc3 Miesiące6 Miesięcy1 Rok Najpierw StarszeNajpierw Nowsze

Forum dobreprogramy.pl Strona Główna -> Bezpieczeństwo i logi HijackThis Wszystkie czasy w strefie CET (Europa)

Strona 1 z 1

Szybka odpowiedź

Temat

Więcej Ikon

Domyślny Ciemnoczerwony Czerwony Pomarańczowy Brązowy Żółty Zielony Oliwkowy Błękitny Niebieski Ciemnoniebieski Purpurowy Fioletowy Biały Czarny

Minimalny Mały Normalny Duży Ogromny

» Zamknij Tagi

Możesz ukryć ten panel w swoim profilu Cytuj ostatni post

Dodaj podpis (może być zmieniony w profilu)

Powiadom mnie gdy ktoś odpowie

Przestań śledzić ten temat

Skocz do: Wybierz forum Tematyka vortalu----------------OprogramowanieProblemySprawdzone poradyPoszukujęSystemy operacyjne Microsoft WindowsSystem operacyjny Windows VistaSystemy operacyjne LinuxSieci komputeroweBezpieczeństwo i logi HijackThisWebmasteringGrafikaHardware, Sterowniki Vortal dobreprogramy.pl----------------O vortaluO forum Inne----------------Na luzie :-)GryTelefonia komórkowaŚmietnik

Możesz pisać nowe tematy

Możesz odpowiadać w tematach

Możesz zmieniać swoje posty

Możesz usuwać swoje posty

Możesz głosować w ankietach

s p o n s o r v o r t a l u

Powered by phpBB © 2001, 2005 phpBB Group

Złączono Posta : 28.11.2006 (Wto) 22:17

Ale ze mnie partacz. Po prostu kolejmy raz zapomnialem o qocie. Ale to juz ostatni raz. W zwiazku z tym wkleilem go raz jeszcze - jak widac nieco za duzo skopiowanych linijek. Mam nadzieje ze zosatnie mi to wybaczone po raz ostatni