TA STRONA UŻYWA COOKIE. Dowiedz się więcej o celu ich używania i zmianie ustawień cookie w przeglądarce. Korzystając ze strony wyrażasz zgodę na używanie cookie, zgodnie z aktualnymi ustawieniami przeglądarki.
Od dnia 25.05.2018 r. na terenie Unii Europejskiej wchodzi w życie Rozporządzenie Parlamentu Europejskiego w sprawie ochrony danych osobowych. Prosimy o zapoznanie się z polityką prywatności oraz regulaminem serwisu  [X]

Prośba o srawdzenie logów

Tematyka związana z produktami firmy Microsoft.
Wyślij odpowiedź

Prośba o srawdzenie logów

Postprzez Bozz » 27 Gru 2006, 15:30

PostUA:

Coś ostatnio mi kompa muli... Może to jakieś smieci wiec daje logi:

Hijacthis

Logfile of HijackThis v1.99.1
Scan saved at 14:20:43, on 2006-12-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:Program FilesEset
od32kui.exe
C:Program FilescFosSpeedcFosSpeed.exe
C:WINDOWSATKKBService.exe
C:Program FilescFosSpeedspd.exe
C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
C:Program FilesEset
od32krn.exe
C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe
C:WINDOWSsystem32
vsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32wuauclt.exe
C:DOCUME~1
nvUSTAWI~1Tempupdate.tmp
C:Program FilesGadu-Gadugg.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and Settings
nvMoje dokumentyDawidProgramyDo log'ówHijack ThishijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [cFosSpeed] C:Program FilescFosSpeedcFosSpeed.exe
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:WINDOWSATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:Program FilescFosSpeedspd.exe" -service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32
vsvc32.exe


Silent

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nod32kui" = ""C:Program FilesEset
od32kui.exe" /WAITSERVICE" ["Eset "]
"cFosSpeed" = "C:Program FilescFosSpeedcFosSpeed.exe" ["cFos Software GmbH"]
"MSConfig" = "C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "*h" (unwritable string) [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32
vcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32
vcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32
vshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32
vshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32
vshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
InProcServer32(Default) = "C:WINDOWSsystem32rowseui.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" [null data]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice12msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
InProcServer32(Default) = "C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
InProcServer32(Default) = "C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
INFECTION WARNING! "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]

HKLMSoftwareClassesPROTOCOLSFilter
INFECTION WARNING! text/xmlCLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
InProcServer32(Default) = "C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL" [MS]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" [null data]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" [null data]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL" [MS]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and Settings
nvUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:WINDOWSsystem32imon.dll ["Eset "], 01 - 05, 17
%SystemRoot%system32mswsock.dll [MS], 06 - 08, 11 - 16
%SystemRoot%system32 svpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{B7D3E479-CC68-42B5-A338-938ECE35F419}"
-> {HKLM...CLSID} = "BearShare MediaBar"
InProcServer32(Default) = "*o" (unwritable string) [file not found]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{2670000A-7350-4F3C-8081-5663EE0C6C49}
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}
"ButtonText" = "Research"

{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:PROGRA~1FlashGetflashget.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ATK Keyboard Service, ATKKeyboardService, "C:WINDOWSATKKBService.exe" ["ASUSTeK COMPUTER INC."]
Canon Camera Access Library 8, CCALib8, "C:Program FilesCanonCALCALMAIN.exe" ["Canon Inc."]
cFosSpeed System Service, cFosSpeedS, ""C:Program FilescFosSpeedspd.exe" -service" ["cFos Software GmbH"]
LexBce Server, LexBceS, "C:WINDOWSsystem32LEXBCES.EXE" ["Lexmark International, Inc."]
NOD32 Kernel Service, NOD32krn, ""C:Program FilesEset
od32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32
vsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe"" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
Lexmark Network PortDriver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Send To Microsoft OneNote MonitorDriver = "msonpmon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 365 seconds, including 5 seconds for message boxes)

Jak tu nic nie bedzie to zarzuce z GMER'a
Awatar użytkownika
Bozz
Moderator
Moderator
 
Posty: 2862
Dołączenie: 21 Sie 2006, 14:08
Miejscowość: 49°54' N 21°03' E
Pochwały: 20
Góra

Postprzez pp3088 » 27 Gru 2006, 15:34

PostUA:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
'

Tylko to.

Poprosze o Gemra, L2Mfix i Combofix.
Awatar użytkownika
pp3088
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 999
Dołączenie: 11 Sie 2006, 23:59
Miejscowość: Szczecin
Góra

Postprzez Bozz » 27 Gru 2006, 15:48

PostUA:

Mam te wszystkie programy ale za bardzo nieiwem jak zrobic logi :roll:

Pomoże ktoś? :>
Awatar użytkownika
Bozz
Moderator
Moderator
 
Posty: 2862
Dołączenie: 21 Sie 2006, 14:08
Miejscowość: 49°54' N 21°03' E
Pochwały: 20
Góra

Postprzez Arexe » 29 Gru 2006, 11:31

PostUA:

Bozz'' napisał(a):Mam te wszystkie programy ale za bardzo nieiwem jak zrobic logi :roll:

Pomoże ktoś? :>


Z L2MFIXa to włączasz go i uruchamia się w cmd.exe naciskasz byle jaki klawisz i potem naciskasz 1 i kopiujesz raport :razz:
Z gmera to pewnie chodzi pp3088 o to
- Rootkit >>> Szukaj >>> Kopiuj >>> CTRL+V do Notatnika
- Rootkit >>> zaznaczyć tylko Usługi >>> zaznaczyć Pokaż wszystko >>> Szukaj >>> Kopiuj >>> CTRL+V do Notatnika


Z combofixa nie korzystałem
Awatar użytkownika
Arexe
Postujący
Postujący
 
Posty: 326
Dołączenie: 08 Kwi 2006, 10:19
Pochwały: 3
Góra

Postprzez pp3088 » 29 Gru 2006, 12:29

PostUA:

Arexe napisał(a):
Bozz'' napisał(a):Mam te wszystkie programy ale za bardzo nieiwem jak zrobic logi :roll:

Pomoże ktoś? :>


Z L2MFIXa to włączasz go i uruchamia się w cmd.exe naciskasz byle jaki klawisz i potem naciskasz 1 i kopiujesz raport :razz:
Z gmera to pewnie chodzi pp3088 o to
- Rootkit >>> Szukaj >>> Kopiuj >>> CTRL+V do Notatnika
- Rootkit >>> zaznaczyć tylko Usługi >>> zaznaczyć Pokaż wszystko >>> Szukaj >>> Kopiuj >>> CTRL+V do Notatnika


Z combofixa nie korzystałem


Logi już zrobione :)

P.S. Combofix podbnie do L2Mfixa.
Awatar użytkownika
pp3088
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 999
Dołączenie: 11 Sie 2006, 23:59
Miejscowość: Szczecin
Góra
Wyślij odpowiedź

Powróć do Microsoft Windows

Kto jest na forum

Zarejestrowani użytkownicy: Bing [Bot]

Switch to mobile style
Technologię dostarcza phpBB® Forum Software © phpBB Group
Profesjonalne polskie tłumaczenie phpBB3
Korzystanie z forum oznacza akceptację polityki prywatności
cron