Zainfekowany, zamulony komputer oraz niedziałające emotki


(Creativetm) #1

Witam.

Od pewnego czasu częsciej dostaję alerty od antywira i firewallla o infekcjach. Skanery też znajdują trochę syfu. Dodatkowo animacje na forum nie ruszają sie. Stoją ...

Proszę o sprawdzenie:

Logfile of HijackThis v1.99.1

Scan saved at 18:22:30, on 2007-04-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\Eset\nod32krn.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

F:\Eset\nod32kui.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

F:\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Admin\Moje dokumenty\hijackthis_199\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\FlashGet\getflash.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\FlashGet\fgiebar.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [nod32kui] "F:\Eset\nod32kui.exe" /WAITSERVICE

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: f:\spyware doctor\filterlsp.dll

O10 - Unknown file in Winsock LSP: f:\spyware doctor\filterlsp.dll

O10 - Unknown file in Winsock LSP: f:\spyware doctor\filterlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: f:\spyware doctor\filterlsp.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF991D7C-8CED-44E2-954D-378D545D64AF}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: NBService - Nero AG - F:\Nero 7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Eset\nod32krn.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - F:\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - F:\Spyware Doctor\swdsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(Joan Sunshine) #2

zafixuj, wklej loga z Silenta, gdzie są wykrywane te infekcje?

Skan AVG AntySpyware 7.5 po update, wklej raport.


(Creativetm) #3

Adaware, spybot, AVG..

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ZoneAlarm Client" = ""F:\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]

"nod32kui" = ""F:\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]


HKLM\Software\Microsoft\Active Setup\Installed Components\

>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"

                                        \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

  -> {HKLM...CLSID} = "Flashget Catch Url Class"

                   \InProcServer32\(Default) = "F:\FlashGet\jccatch.dll" ["www.flashget.com"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "FlashGet GetFlash Class"

                   \InProcServer32\(Default) = "F:\FlashGet\getflash.dll" ["www.flashget.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "F:\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "F:\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{35B71255-B673-41E8-8FCC-973C0B5CB822}" = "Zero File"

  -> {HKLM...CLSID} = "Zero File"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ZeroFile.dll" ["Developed by Gaidin"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "F:\Eset\nodshex.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"| [file not found]| [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

MyPhoneExplorer\(Default) = "{2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E}"

  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"

                   \InProcServer32\(Default) = "F:\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "F:\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Zero File\(Default) = "{35B71255-B673-41E8-8FCC-973C0B5CB822}"

  -> {HKLM...CLSID} = "Zero File"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ZeroFile.dll" ["Developed by Gaidin"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "F:\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoSaveSettings" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 26

F:\Spyware Doctor\FilterLSP.dll [null data], 06 - 08, 19

C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll ["PC Tools Research Pty Ltd."], 09 - 11, 18

%SystemRoot%\system32\mswsock.dll [MS], 12 - 14, 17, 20 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 15 - 16



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"

  -> {HKLM...CLSID} = "FlashGet"

                   \InProcServer32\(Default) = "F:\FlashGet\fgiebar.dll" ["Amaze Soft"]

"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = (no title provided)

  -> {HKLM...CLSID} = "StylerToolBar"

                   \InProcServer32\(Default) = "C:\Program Files\Styler\TB\StylerTB.dll" ["StyleFantasist"]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "F:\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "F:\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NOD32 Kernel Service, NOD32krn, ""F:\Eset\nod32krn.exe"" ["Eset "]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 32 seconds.

---------- (total run time: 85 seconds)

Dzisiaj skonowałem już wielokrotnie AVG. Prosisz o raport z tego progsa?


(Joan Sunshine) #4

tak, daj ten raport bo chcę zobaczyć konkretne ścieżki do syfów, w logach nic nie masz więc bez tego nie ruszymy :slight_smile:

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa :slight_smile:


(Creativetm) #5

Proszę:

FIX rejestru też wykonałem.


(adam9870) #6

Program AVG Anti-Spyware nie wykrył nic groźnego, a jedynie ciasteczka. Są one całkowicie niegroźne i możesz je usunąć, jednak po usunięciu ich możesz stracić np. autologowanie na forach i będziesz musiał je ustawiać od nowa.


(Creativetm) #7

Tak, wiem to doskonale. Zdaje mi się, że wszelkie robaki, wirusy, etc. już usunąłem. Problem pozostaje z animacjami.. wszystko milczy. Starałem się na wszystkie sposoby zapobiec problemowi: Java, shockwave itp.. ale dalej nic.


(Andrmus) #8

Miałem ostatnio ten sam problem. Sprawdź ustawienia firewall'a, gdyż to on może blokować animacje na stronach tak jest w przypadku np.: Zone Alarm Pro. Aby odblokować w tym programie wchodzisz w zakładkę "Privacy" i wyłączasz " Ad Bloking"; badź też w zakładce "custom" możesz oblokowac tylko animacje.