Forum Tibia.pl - Zobacz pojedynczy post

29-06-2007, 08:56

Log z hijack dalem na tamto forum. Dajcie jeszcze link do killboxa

Log z Silen:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs*****" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu1\gg*****" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"NVRaidService" = "C:\WINDOWS\system32\nvraidservice*****" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN*****" ["Realtek Semiconductor Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*****" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli*****" runtime" [null data]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2*****"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr*****"" ["Hewlett-Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb 10*****" ["HP"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched*****" ["Sun Microsystems, Inc."]
"MsgCenterExe" = ""C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter*****" -osboot" [file not found]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon*****" -lang 1045" ["DAEMON'S HOME"]
"00PCTFW" = ""E:\Program Files\PC Tools Firewall Plus\FirewallGUI*****" -s" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "e:\gry\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided)
-> {HKLM...CLSID} = "QUICKfind BHO Object"
\InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp. dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

Teraz dam logi z Gmera

29-06-2007, 08:56	#58
<>A.B.C<> Guest Posty: n/a	Log z hijack dalem na tamto forum. Dajcie jeszcze link do killboxa Log z Silen: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs***" /background" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu1\gg*" /tray" ["Gadu-Gadu S.A."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++} "NVRaidService" = "C:\WINDOWS\system32\nvraidservice*" ["NVIDIA Corporation"] "SoundMan" = "SOUNDMAN*" ["Realtek Semiconductor Corp."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*" ["ATI Technologies, Inc."] "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli*" runtime" [null data] "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2*"" ["Hewlett-Packard Company"] "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr*"" ["Hewlett-Packard Company"] "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb 10*" ["HP"] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched*" ["Sun Microsystems, Inc."] "MsgCenterExe" = ""C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter*" -osboot" [file not found] "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon*" -lang 1045" ["DAEMON'S HOME"] "00PCTFW" = ""E:\Program Files\PC Tools Firewall Plus\FirewallGUI**" -s" ["PC Tools"] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "e:\gry\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided) -> {HKLM...CLSID} = "QUICKfind BHO Object" \InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp. dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] Teraz dam logi z Gmera Ostatnio edytowany przez <>A.B.C<> - 29-06-2007 o 09:19.*