
System Security Center

IP: 80.50.74.* 05.02.07, 10:27
Hello

I have the following problem: "System Security Center" has appeared in my Control Panel,
and in addition a message along the lines of "antivirus software is turned off"
shows up next to the clock. How do I get rid of it?
I have looked through the forum and can't see a thread like this anywhere. If anyone can help,
I will be very grateful.
    • Guest: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 10:31
      Paste a HijackThis log.

      > in addition a message along the lines of "antivirus software is turned off"
      > shows up next to the clock. How do I get rid of it?

      Click the icon, choose "change the way I am alerted..." and untick it there.
      • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 10:38
        Just a moment: this is not Security Center. It sits next to it and is called System
        Security Center... It is something that got installed by accident...
        • Guest: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 11:03
          Are you finally going to paste that log?
          • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 15:00
            Logfile of HijackThis v1.99.1
            Scan saved at 14:56:49, on 2007/02/05
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.5730.0011)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\Program Files\Symantec AntiVirus\DefWatch.exe
            C:\WINDOWS\eHome\ehRecvr.exe
            C:\WINDOWS\eHome\ehSched.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Symantec AntiVirus\Rtvscan.exe
            C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
            Platform\VzCdb\VzCdbSvc.exe
            C:\Program Files\Inventel\Gateway\wlancfg.exe
            C:\WINDOWS\ehome\mcrdsvc.exe
            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
            C:\WINDOWS\system32\dllhost.exe
            C:\WINDOWS\System32\alg.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Apoint\Apoint.exe
            C:\WINDOWS\ehome\ehtray.exe
            C:\WINDOWS\system32\ICO.EXE
            C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
            C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
            C:\Program Files\Sony\ISB Utility\ISBMgr.exe
            C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
            C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
            C:\WINDOWS\eHome\ehmsas.exe
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
            C:\WINDOWS\system32\hynurazy.exe
            C:\WINDOWS\system32\isc_ui.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\PROGRA~1\SYMANT~2\VPTray.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Apoint\Apntex.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
            C:\WINDOWS\system32\NOTEPAD.EXE
            C:\WINDOWS\system32\rundll32.exe
            C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\Temporary Directory 3 for
            hijackthis.zip\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            news.bbc.co.uk/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
            go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
            go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
            www.vaio-link.com/vu.asp?l=en&u=m&h=0809
            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
            file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
            - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
            C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
            Files\Java\jre1.5.0_10\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
            files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
            O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
            O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
            O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera
            Utility\VCUServe.exe"
            O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power
            Management\SPMgr.exe
            O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
            O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting
            Utility\Switcher.exe
            O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat
            7.0\Distillr\Acrotray.exe"
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
            Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
            Files\Java\jre1.5.0_10\bin\jusched.exe"
            O4 - HKLM\..\Run: [hynurazy.exe] C:\WINDOWS\system32\hynurazy.exe
            O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - Global Startup: Bluetooth Manager.lnk = ?
            O8 - Extra context menu item: &Google Search - res://C:\Program
            Files\Google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://C:\Program
            Files\Google\GoogleToolbar1.dll/cmwordtrans.html
            O8 - Extra context menu item: Backward Links - res://C:\Program
            Files\Google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
            Files\Google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: E&xport to Microsoft Excel -
            res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
            O8 - Extra context menu item: Similar Pages - res://C:\Program
            Files\Google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://C:\Program
            Files\Google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
            %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
            {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
            Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            {FB5F1910-F110-11d2-BB9E-00C04
            • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 15:00
              O8 - Extra context menu item: Translate Page into English - res://C:\Program
              Files\Google\GoogleToolbar1.dll/cmtrans.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console -
              {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
              Files\Java\jre1.5.0_10\bin\ssv.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
              %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
              {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
              Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger -
              {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O11 - Options group: [INTERNATIONAL] International*
              O14 - IERESET.INF: START_PAGE_URL=www.club-vaio.com/en/
              O15 - Trusted Zone: *.sony-europe.com
              O15 - Trusted Zone: *.sonystyle-europe.com
              O15 - Trusted Zone: *.vaio-link.com
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
              update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166578712531
              O17 - HKLM\System\CCS\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CCS\Services\Tcpip\..\{302D7F6B-B995-4E44-99B1-1A5158EF7090}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CCS\Services\Tcpip\..\{8822A02D-CD79-40C1-A188-2E17251CCE12}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CCS\Services\Tcpip\..\{B4410B98-0942-45E3-8953-A5AB906534BF}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CCS\Services\Tcpip\..\{E52E2406-F79A-43A8-91AB-8D4ABB364AD5}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CCS\Services\Tcpip\..\{E93A8336-6A09-48DE-94F0-7EA050A1EEA1}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.98
              85.255.112.80
              O17 - HKLM\System\CS1\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.98
              85.255.112.80
              O17 - HKLM\System\CS2\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
              NameServer = 85.255.115.98,85.255.112.80
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.98
              85.255.112.80
              O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
              O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
              O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
              O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) -
              Unknown owner - C:\Program Files\Adobe\Photoshop Elements
              4.0\PhotoshopElementsFileAgent.exe
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
              Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
              O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation -
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
              - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: Image Converter video recording monitor for VAIO Entertainment -
              Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
              O23 - Service: LiveUpdate - Symantec Corporation -
              C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: lmab_device - Lexmark International, Inc. -
              C:\WINDOWS\system32\LMabcoms.exe
              O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common
              Files\Sony Shared\AVLib\MSCSPTISRV.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
              C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
              Files\Sony Shared\AVLib\PACSPTISVR.exe
              O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
              Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
              Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
              AntiVirus\SavRoam.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
              - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
              Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
              Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
              O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation -
              C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
              O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
              Files\Symantec AntiVirus\Rtvscan.exe
              O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony
              Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
              O23 - Service: VAIO Event Service - Sony Corporation - C:\Program
              Files\Sony\VAIO Event Service\VESMgr.exe
              O23 - Service: VAIO Media Integrated Server
              (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program
              Files\Sony\VAIO Media Integrated Server\VMISrv.exe
              O23 - Service: VAIO Media Integrated Server (HTTP)
              (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program
              Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
              /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony
              Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP
              (file missing)
              O23 - Service: VAIO Media Integrated Server (UPnP)
              (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program
              Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
              O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) -
              Unknown owner - C:\Program Files\Sony\VAIO Media Integrated
              Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway
              /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0"
              /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway
              Server (file missing)
              O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation -
              C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
              O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation
              - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VCSW\VCSW.exe
              O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation
              - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VzCdb\VzCdbSvc.exe
              O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation
              - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VzCdb\VzFw.exe
              O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program
              Files\Inventel\Gateway\wlancfg.exe

              • Guest: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 15:46
                Use: downloads.subratam.org/Fixwareout.exe; paste the log it creates after running here on the forum.

                In Task Manager, end:
                C:\WINDOWS\system32\hynurazy.exe
                C:\WINDOWS\system32\isc_ui.exe

                In HJT, remove:
                R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
                file)
                O4 - HKLM\..\Run: [hynurazy.exe] C:\WINDOWS\system32\hynurazy.exe <- delete the file from disk.
                O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe <- delete the file from disk.
                O17 - HKLM\System\CCS\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CCS\Services\Tcpip\..\{302D7F6B-B995-4E44-99B1-1A5158EF7090}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CCS\Services\Tcpip\..\{8822A02D-CD79-40C1-A188-2E17251CCE12}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CCS\Services\Tcpip\..\{B4410B98-0942-45E3-8953-A5AB906534BF}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CCS\Services\Tcpip\..\{E52E2406-F79A-43A8-91AB-8D4ABB364AD5}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CCS\Services\Tcpip\..\{E93A8336-6A09-48DE-94F0-7EA050A1EEA1}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.98
                85.255.112.80
                O17 - HKLM\System\CS1\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.98
                85.255.112.80
                O17 - HKLM\System\CS2\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
                NameServer = 85.255.115.98,85.255.112.80
                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.98
                85.255.112.80

                Finally, scan the system with Ewido.
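
The O17 lines listed for removal in the post above are wrapped by the forum and use both comma and space separators, which makes a before/after comparison by eye error-prone. The following is an added example (not part of the thread and not HijackThis code) that rejoins wrapped entries and reports every Tcpip key whose NameServer is not a resolver the analyst expects; the function names and the expected resolver 192.0.2.53 are assumptions made for the illustration.

```python
import re

# Constructed sample: O17 lines in the wrapped form they take in this thread
# (keys and addresses copied from the posted log), plus one constructed clean
# entry using a documentation-range address as the "expected" resolver.
SAMPLE_LOG = r"""
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
NameServer = 85.255.115.98,85.255.112.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.98
85.255.112.80
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.0.2.53
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O2x).
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# O17 NameServer entry: registry key, control set (CCS, CS1, CS2), raw value.
O17_NS = re.compile(
    r"^O17 - (HKLM\\System\\(\w+)\\Services\\Tcpip\\.+?): NameServer = (.+)$"
)


def unwrap_entries(text):
    """Rejoin entries that a forum or mail client wrapped onto several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Continuation of the previous entry; anything before the first
            # entry (log header, process list) is ignored.
            entries[-1] += " " + line
    return entries


def audit_nameservers(text, expected):
    """Return O17 keys whose NameServer lists an address not in `expected`."""
    findings = []
    for entry in unwrap_entries(text):
        match = O17_NS.match(entry)
        if not match:
            continue
        key, control_set, value = match.groups()
        # The log separates addresses with commas on interface keys and with
        # spaces on the Parameters key, so split on both.
        servers = [s for s in re.split(r"[,\s]+", value) if s]
        unexpected = [s for s in servers if s not in expected]
        if unexpected:
            findings.append(
                {"key": key, "control_set": control_set, "unexpected": unexpected}
            )
    return findings


if __name__ == "__main__":
    # Assumption: the analyst knows which resolvers the ISP or router hands out.
    for finding in audit_nameservers(SAMPLE_LOG, expected={"192.0.2.53"}):
        print(finding["control_set"], finding["key"], finding["unexpected"])
```

Running the same check on a log taken after the fix and a reboot shows whether any control set still carries the old NameServer value.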
                • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 16:31

                  Fixwareout
                  Last edited 1/30/2007
                  Post this report in the forums please
                  ...
                  Prerun check
                  »»»»» HKLM run and Winlogon System values
                  C:\WINDOWS\System32\kdtka.exe will be moved to C:\WINDOWS\temp\kdtka.ren at reboot.

                  »»»»» System restarted
                  Reg Entries that were deleted
                  ...
                  Random Runs removed from HKLM
                  ...

                  »»»»» Misc files.

                  »»»»» Checking for older varients.

                  »»»»» Postrun check
                  »»»»» HKLM run
                  »»»»» Winlogon System value
                  "system"=""
                  »»»»»

                  PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

                  This WILL/CAN also list Legit Files, Submit them at Virustotal
                  Search five digit cs, dm kd and jb files.
                  »»»»»
                  »»»»» Current runs

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
                  "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
                  "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
                  "Mouse Suite 98 Daemon"="ICO.EXE"
                  "VAIOCameraUtility"="\"C:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe\""
                  "SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
                  "ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
                  "Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting
                  Utility\\Switcher.exe"
                  "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat
                  7.0\\Distillr\\Acrotray.exe\""
                  "HPDJ Taskbar
                  Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
                  "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"
                  -osboot"
                  "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
                  "hynurazy.exe"="C:\\WINDOWS\\system32\\hynurazy.exe"
                  "Personal Security Center Monitor"="C:\\WINDOWS\\system32\\isc_ui.exe"
                  "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
                  "vptray"="C:\\PROGRA~1\\SYMANT~2\\VPTray.exe"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                  "Installed"="1"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                  "Installed"="1"
                  "NoChange"="1"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
                  "Installed"="1"

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
                  "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

                  Hosts file was reset, If you use a custom hosts file please replace it
                  • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 16:32
                    I deleted those files you mentioned...
                    • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 16:41
                      but after a restart they are still there...
                      • Guest: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 16:51
                        Send me by e-mail (kolobos (at) gazeta.pl) the logs from GMER + ComboFix + Silent Runners.
                        • Guest: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 17:09
                          sent
