03.09.2006, 19:12
Code:
"Silent Runners.vbs", revision 47, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\User\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"
Startup items in "User" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" ["CANON INC."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 21 seconds, including 4 seconds for message boxes)
Is this what you meant?