tpalarczyk Opublikowano 13 Listopada 2006 Zgłoś Opublikowano 13 Listopada 2006 (edytowane) Taki jestem mądry, taki dobry a sam sobie zainstalowałem ścierwo :( Teraz pokazuje mi się w trayu komunikacik "Critical system errors", po kliknieciu chcialo zaladowac strone "http://www.virusbursters.com/?aff=334" - niech ktoś tam przypadkiem nie wchodzi!!! Dodaję logi z najpopularniejszych programów i czekam na ratunek! Logfile of HijackThis v1.99.1 Scan saved at 20:24:48, on 2006-11-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe D:\PROGRAMY\Avast4\aswUpdSv.exe D:\PROGRAMY\Avast4\ashServ.exe D:\PROGRAMY\IVT Corporation\BlueSoleil\BTNtService.exe D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe D:\PROGRAMY\Zone Labs\ZoneAlarm\zlclient.exe D:\PROGRAMY\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe D:\PROGRAMY\Avast4\ashDisp.exe D:\PROGRAMY\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe D:\PROGRAMY\DAEMON Tools\daemon.exe D:\PROGRAMY\tlen\tlen.exe D:\PROGRAMY\NetMeter\NetMeter.exe D:\PROGRAMY\LMPC3\lockpc.exe D:\PROGRAMY\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe D:\PROGRAMY\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\PROGRAMY\opera web browser\Opera.exe E:\DOKUMENTY\Pulpit\HACKING\ProcessExplorerNt\procexp.exe D:\PROGRAMY\winamp 5.18\winamp.exe C:\WINDOWS\system32\NOTEPAD.EXE J:\PROGRAMY\net\bezpieczeństwo w sieci\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadrequest...eqId=1033852230 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAMY\adobe reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Zone Labs Client] "D:\PROGRAMY\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S O4 - HKLM\..\Run: [RivaTuner] "D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DiskeeperSystray] "D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\PROGRAMY\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [DAEMON Tools] "D:\PROGRAMY\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Komunikator] D:\PROGRAMY\tlen\tlen.exe O4 - HKCU\..\Run: [NetMeter.exe] D:\PROGRAMY\NetMeter\NetMeter.exe O4 - HKCU\..\Run: [Lock My PC] D:\PROGRAMY\LMPC3\lockpc.exe /s O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\PROGRAMY\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\PROGRAMY\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\PROGRAMY\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\PROGRAMY\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Komunikator" = "D:\PROGRAMY\tlen\tlen.exe" ["o2.pl Sp. z o.o."] "NetMeter.exe" = "D:\PROGRAMY\NetMeter\NetMeter.exe" [null data] "Lock My PC" = "D:\PROGRAMY\LMPC3\lockpc.exe /s" ["FSPro Labs"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Zone Labs Client" = ""D:\PROGRAMY\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "RivaTunerStartupDaemon" = ""D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S" [empty string] "RivaTuner" = ""D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T" [empty string] "avast!" = "D:\PROGRAMY\Avast4\ashDisp.exe" [null data] "DiskeeperSystray" = ""D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"] "Vistadrv" = "C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe" [null data] "TrueImageMonitor.exe" = "D:\PROGRAMY\Acronis\TrueImage\TrueImageMonitor.exe" ["Acronis"] "Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"] "DAEMON Tools" = ""D:\PROGRAMY\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "D:\PROGRAMY\adobe reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "D:\PROGRAMY\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind" -> {HKLM...CLSID} = "Microsoft Office Binder Unbind" \InProcServer32\(Default) = "D:\PROGRAMY\MICROS~2\Office\1045\UNBIND.DLL" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "D:\PROGRAMY\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\PROGRAMY\Avast4\ashShell.dll" ["ALWIL Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <<!>> "{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}" = "bonspells" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\okkmtv.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\PROGRAMY\adobe reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\PROGRAMY\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\PROGRAMY\Avast4\ashShell.dll" ["ALWIL Software"] FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}" -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler" \InProcServer32\(Default) = "D:\PROGRAMY\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\tosemja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07" \InProcServer32\(Default) = "D:\PROGRAMY\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"] avast! Antivirus, avast! Antivirus, ""D:\PROGRAMY\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""D:\PROGRAMY\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""D:\PROGRAMY\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""D:\PROGRAMY\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] BlueSoleil Hid Service, BlueSoleil Hid Service, "D:\PROGRAMY\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] Diskeeper, Diskeeper, ""D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"] Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "D:\PROGRAMY\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "lmpc2" ["FSPro Labs"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ LIDIL Language Monitor\Driver = "hpzll3xu.dll" ["Hewlett-Packard Company"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 59 seconds, including 18 seconds for message boxes) Rozwiązeniem problemu było zastosowanie programu "SmitfraudFix", jest świetny. Pozdrawiam! Edytowane 13 Listopada 2006 przez tpalarczyk Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
Kolobos Opublikowano 13 Listopada 2006 Zgłoś Opublikowano 13 Listopada 2006 Przeskanuj system przy pomocy ewido. Uzyj tez: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php robisz to co masz napisane pod "Clean", po uzyciu utworzy sie log, ktory wklej na forum. W hjt usun: R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadrequest...eqId=1033852230 O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) W Silent masz to, ale SmitfraudFix to usunie automatycznie: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <<!>> "{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}" = "bonspells" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\okkmtv.dll" [null data] Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
tpalarczyk Opublikowano 13 Listopada 2006 Zgłoś Opublikowano 13 Listopada 2006 (edytowane) W hjt usun: R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadrequest...eqId=1033852230 A to nie jest czasem update definicji zone alarm? SmitFraudFix v2.120 Scan done at 21:34:50,96, 2006-11-13 Run from J:\PROGRAMY\net\bezpieczeästwo w sieci\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells" [HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32] @="C:\WINDOWS\system32\okkmtv.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32] @="C:\WINDOWS\system32\okkmtv.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i C:\WINDOWS\system32\okkmtv.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files D:\PROGRAMY\QualityCodec\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HijackThis v1.99.1 Scan saved at 00:02:25, on 2006-11-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe D:\PROGRAMY\Avast4\aswUpdSv.exe D:\PROGRAMY\Zone Labs\ZoneAlarm\zlclient.exe D:\PROGRAMY\Avast4\ashServ.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe D:\PROGRAMY\Avast4\ashDisp.exe D:\PROGRAMY\IVT Corporation\BlueSoleil\BTNtService.exe D:\PROGRAMY\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkService.exe D:\PROGRAMY\DAEMON Tools\daemon.exe D:\PROGRAMY\tlen\tlen.exe D:\PROGRAMY\NetMeter\NetMeter.exe D:\PROGRAMY\LMPC3\lockpc.exe C:\WINDOWS\system32\nvsvc32.exe D:\PROGRAMY\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wscntfy.exe D:\PROGRAMY\Avast4\ashMaiSv.exe D:\PROGRAMY\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\PROGRAMY\opera web browser\Opera.exe D:\PROGRAMY\The Bat!\thebat.exe J:\PROGRAMY\net\bezpieczeństwo w sieci\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadrequest...eqId=1033852230 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAMY\adobe reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Zone Labs Client] "D:\PROGRAMY\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S O4 - HKLM\..\Run: [RivaTuner] "D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DiskeeperSystray] "D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\PROGRAMY\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [DAEMON Tools] "D:\PROGRAMY\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Komunikator] D:\PROGRAMY\tlen\tlen.exe O4 - HKCU\..\Run: [NetMeter.exe] D:\PROGRAMY\NetMeter\NetMeter.exe O4 - HKCU\..\Run: [Lock My PC] D:\PROGRAMY\LMPC3\lockpc.exe /s O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\PROGRAMY\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\PROGRAMY\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\PROGRAMY\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\PROGRAMY\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Komunikator" = "D:\PROGRAMY\tlen\tlen.exe" ["o2.pl Sp. z o.o."] "NetMeter.exe" = "D:\PROGRAMY\NetMeter\NetMeter.exe" [null data] "Lock My PC" = "D:\PROGRAMY\LMPC3\lockpc.exe /s" ["FSPro Labs"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Zone Labs Client" = ""D:\PROGRAMY\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "RivaTunerStartupDaemon" = ""D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S" [empty string] "RivaTuner" = ""D:\PROGRAMY\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T" [empty string] "avast!" = "D:\PROGRAMY\Avast4\ashDisp.exe" [null data] "DiskeeperSystray" = ""D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"] "Vistadrv" = "C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe" [null data] "TrueImageMonitor.exe" = "D:\PROGRAMY\Acronis\TrueImage\TrueImageMonitor.exe" ["Acronis"] "Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"] "DAEMON Tools" = ""D:\PROGRAMY\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "D:\PROGRAMY\adobe reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "D:\PROGRAMY\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind" -> {HKLM...CLSID} = "Microsoft Office Binder Unbind" \InProcServer32\(Default) = "D:\PROGRAMY\MICROS~2\Office\1045\UNBIND.DLL" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "D:\PROGRAMY\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\PROGRAMY\Avast4\ashShell.dll" ["ALWIL Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\PROGRAMY\adobe reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\PROGRAMY\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "D:\PROGRAMY\Avast4\ashShell.dll" ["ALWIL Software"] FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}" -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler" \InProcServer32\(Default) = "D:\PROGRAMY\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\PROGRAMY\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "D:\PROGRAMY\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07" \InProcServer32\(Default) = "D:\PROGRAMY\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"] avast! Antivirus, avast! Antivirus, ""D:\PROGRAMY\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""D:\PROGRAMY\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""D:\PROGRAMY\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""D:\PROGRAMY\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] BlueSoleil Hid Service, BlueSoleil Hid Service, "D:\PROGRAMY\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] Diskeeper, Diskeeper, ""D:\PROGRAMY\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"] Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "D:\PROGRAMY\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "lmpc2" ["FSPro Labs"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ LIDIL Language Monitor\Driver = "hpzll3xu.dll" ["Hewlett-Packard Company"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 118 seconds. ---------- (total run time: 157 seconds) Edytowane 13 Listopada 2006 przez tpalarczyk Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
Kolobos Opublikowano 14 Listopada 2006 Zgłoś Opublikowano 14 Listopada 2006 Nie jest. Nowe logi nie sa potrzebne, prosilem tylko o log z smit. Wszystko juz jest ok. Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
tpalarczyk Opublikowano 14 Listopada 2006 Zgłoś Opublikowano 14 Listopada 2006 Nie jest. Nowe logi nie sa potrzebne, prosilem tylko o log z smit. Wszystko juz jest ok. To dobrze, dzięki za pomoc ;) Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
