System Security Center

Drzewko
Od najstarszego
Od najnowszego

Gość: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 10:31

Wklej log z hijackthis.

> dodatkowo obok zegara pojawia się komunikat w stylu: oprogramowanie
> antywirusowe jest wyłączone - jak sie tego pozbyć?

Klikasz na ikone, wybierasz zmien sposob informowania... i tam odznaczasz.
- Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 10:38
  
  Momencik: To nie jest Security Center. To jest obok i nazywa się System
  Security Center... Jest to coś co się zainstalowało przypadkiem...
  - Gość: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 11:03
    
    Wkleisz w koncu ten log?
    - Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 15:00
      
      Logfile of HijackThis v1.99.1
      Scan saved at 14:56:49, on 2007/02/05
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
      Platform\VzCdb\VzCdbSvc.exe
      C:\Program Files\Inventel\Gateway\wlancfg.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Apoint\Apoint.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\system32\ICO.EXE
      C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
      C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
      C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\WINDOWS\system32\hynurazy.exe
      C:\WINDOWS\system32\isc_ui.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~2\VPTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\Temporary Directory 3 for
      hijackthis.zip\HijackThis.exe
      
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      news.bbc.co.uk/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
      www.vaio-link.com/vu.asp?l=en&u=m&h=0809
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
      file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera
      Utility\VCUServe.exe"
      O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power
      Management\SPMgr.exe
      O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting
      Utility\Switcher.exe
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat
      7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
      Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [hynurazy.exe] C:\WINDOWS\system32\hynurazy.exe
      O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O8 - Extra context menu item: &Google Search - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel -
      res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program
      Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
      %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
      {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
      Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04
      - Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 15:00
        
        O8 - Extra context menu item: Translate Page into English - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
        Files\Java\jre1.5.0_10\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
        %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
        {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
        Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger -
        {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=www.club-vaio.com/en/
        O15 - Trusted Zone: *.sony-europe.com
        O15 - Trusted Zone: *.sonystyle-europe.com
        O15 - Trusted Zone: *.vaio-link.com
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
        update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166578712531
        O17 - HKLM\System\CCS\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{302D7F6B-B995-4E44-99B1-1A5158EF7090}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{8822A02D-CD79-40C1-A188-2E17251CCE12}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{B4410B98-0942-45E3-8953-A5AB906534BF}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E52E2406-F79A-43A8-91AB-8D4ABB364AD5}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E93A8336-6A09-48DE-94F0-7EA050A1EEA1}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.98
        85.255.112.80
        O17 - HKLM\System\CS1\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.98
        85.255.112.80
        O17 - HKLM\System\CS2\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.98
        85.255.112.80
        O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
        O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) -
        Unknown owner - C:\Program Files\Adobe\Photoshop Elements
        4.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
        Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation -
        C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
        - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: Image Converter video recording monitor for VAIO Entertainment -
        Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
        O23 - Service: LiveUpdate - Symantec Corporation -
        C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: lmab_device - Lexmark International, Inc. -
        C:\WINDOWS\system32\LMabcoms.exe
        O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common
        Files\Sony Shared\AVLib\MSCSPTISRV.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
        Files\Sony Shared\AVLib\PACSPTISVR.exe
        O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
        Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
        Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
        AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
        - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
        Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
        O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation -
        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
        Files\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony
        Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
        Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
        O23 - Service: VAIO Event Service - Sony Corporation - C:\Program
        Files\Sony\VAIO Event Service\VESMgr.exe
        O23 - Service: VAIO Media Integrated Server
        (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program
        Files\Sony\VAIO Media Integrated Server\VMISrv.exe
        O23 - Service: VAIO Media Integrated Server (HTTP)
        (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program
        Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe"
        /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony
        Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP
        (file missing)
        O23 - Service: VAIO Media Integrated Server (UPnP)
        (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program
        Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
        O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) -
        Unknown owner - C:\Program Files\Sony\VAIO Media Integrated
        Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway
        /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0"
        /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway
        Server (file missing)
        O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation -
        C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
        O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation
        - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
        Platform\VCSW\VCSW.exe
        O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation
        - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
        Platform\VzCdb\VzCdbSvc.exe
        O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation
        - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
        Platform\VzCdb\VzFw.exe
        O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program
        Files\Inventel\Gateway\wlancfg.exe
        
        Gość: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 15:46
        
        Uzyj: downloads.subratam.org/Fixwareout.exe log, ktory sie utworzy po uzyciu wklej na forum.
        
        W menadzerze zadan zakoncz:
        C:\WINDOWS\system32\hynurazy.exe
        C:\WINDOWS\system32\isc_ui.exe
        
        W hjt usun:
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
        file)
        O4 - HKLM\..\Run: [hynurazy.exe] C:\WINDOWS\system32\hynurazy.exe <- plik usun z dysku.
        O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe <- plik usun z dysku.
        O17 - HKLM\System\CCS\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{302D7F6B-B995-4E44-99B1-1A5158EF7090}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{8822A02D-CD79-40C1-A188-2E17251CCE12}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{B4410B98-0942-45E3-8953-A5AB906534BF}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E52E2406-F79A-43A8-91AB-8D4ABB364AD5}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E93A8336-6A09-48DE-94F0-7EA050A1EEA1}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.98
        85.255.112.80
        O17 - HKLM\System\CS1\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.98
        85.255.112.80
        O17 - HKLM\System\CS2\Services\Tcpip\..\{19467641-44B7-4744-8D9E-068316AB7E8B}:
        NameServer = 85.255.115.98,85.255.112.80
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.98
        85.255.112.80
        
        Na koniec przeskanuj system przy pomocy Ewido.
        
        Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 16:31
        
        Fixwareout
        Last edited 1/30/2007
        Post this report in the forums please
        ...
        Prerun check
        »»»»» HKLM run and Winlogon System values
        C:\WINDOWS\System32\kdtka.exe will be moved to C:\WINDOWS\temp\kdtka.ren at reboot.
        
        »»»»» System restarted
        Reg Entries that were deleted
        ...
        Random Runs removed from HKLM
        ...
        
        »»»»» Misc files.
        
        »»»»» Checking for older varients.
        
        »»»»» Postrun check
        »»»»» HKLM run
        »»»»» Winlogon System value
        "system"=""
        »»»»»
        
        PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.
        
        This WILL/CAN also list Legit Files, Submit them at Virustotal
        Search five digit cs, dm kd and jb files.
        »»»»»
        »»»»» Current runs
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
        "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
        "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
        "Mouse Suite 98 Daemon"="ICO.EXE"
        "VAIOCameraUtility"="\"C:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe\""
        "SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
        "ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
        "Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting
        Utility\\Switcher.exe"
        "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat
        7.0\\Distillr\\Acrotray.exe\""
        "HPDJ Taskbar
        Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
        "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"
        -osboot"
        "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
        "hynurazy.exe"="C:\\WINDOWS\\system32\\hynurazy.exe"
        "Personal Security Center Monitor"="C:\\WINDOWS\\system32\\isc_ui.exe"
        "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
        "vptray"="C:\\PROGRA~1\\SYMANT~2\\VPTray.exe"
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
        "Installed"="1"
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
        "Installed"="1"
        "NoChange"="1"
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
        "Installed"="1"
        
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
        "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
        
        Hosts file was reset, If you use a custom hosts file please replace it
        
        Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 16:32
        
        usunołem te pliczki co mowiles...
        
        Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 16:41
        
        ale one po restarcie caly czas sa...
        
        Gość: Kolobos Re: System Security Center IP: *.escom.net.pl 05.02.07, 16:51
        
        Wyslij mi na mail'a (kolobos (at) gazeta.pl) log z gmera + combofix + silent runners.
        
        Gość: jaku Re: System Security Center IP: 80.50.74.* 05.02.07, 17:09
        
        pooszlo

Najnowsze z forum Wirusy, trojany, spyware

Zaloguj się