Request to check a log [srvreg.exe]
Please check my log.
It's about this entry:
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:12:15, on 2006-02-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\Program Files\Beniamin\tguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
F:\TATA\PROGRAMY [instalki]\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\Tmas\tmas.exe
C:\Program Files\Tlen.pl\tlen.exe
F:\TATA\PROGRAMY [instalki]\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - F:\TATA\PROGRA~2\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - F:\TATA\PROGRAMY [instalki]\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - F:\TATA\PROGRAMY [instalki]\IDA\ida.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://download.globalhauri.com/Eng/online_service/livecall.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37590.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35EF03EA-219D-4D13-8A37-B6EDF5440EBF}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\TATA\PROGRAMY [instalki]\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Replies: 4
Jaro, srvreg.exe is probably the Kitkar trojan.
gieras, please don't rely entirely on what the analyzer spits out at you, after all it's only a machine.
Not every "file missing" is actually true - take a look at the processes, do you see cFosSpeed?
And not every library in the LSP is necessarily some junk.
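As an added illustration of the cross-check suggested in this reply (example code written for this page, not posted by anyone in the thread): a small Python script that parses a HijackThis-style log, and for every entry the tool marked "(file missing)" looks the referenced path up in the Running processes section. A service binary that is flagged missing but is plainly running, like spd.exe here, points to an analyzer parse problem (note the stray quote in the cFosSpeed ImagePath) rather than to malware. It also counts the O10 LSP layers per DLL, since one DLL occupying several layers is normal for a filtering product. The sample log is a constructed excerpt of the log above, trimmed to the sections the check needs.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the log posted above, trimmed to the
# sections the check needs (Running processes, one O4, the O10 layers, O20, O23).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Beniamin\tguard.exe

O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

# HijackThis entries start with a section tag such as R0, O4, O10, O23.
SECTION_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A drive-letter path up to its extension; non-greedy so a stray quote or
# trailing "-service" argument after the .exe is not swallowed.
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.[A-Za-z]{3}\b")
# Fallback for entries that name only a file (e.g. Winlogon Notify DLLs).
BARE_FILE_RE = re.compile(r"[\w-]+\.(?:exe|dll|sys)\b", re.IGNORECASE)
MISSING = "(file missing)"


def parse_log(text):
    """Split a log into the set of running process paths and the list of
    (section, body) entries. Paths are lower-cased: Windows compares them
    case-insensitively (System32 vs system32 in the log above)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = SECTION_RE.match(line)
        if m:
            in_procs = False          # first tagged entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def referenced_file(body):
    """Return the file an entry points at, or None."""
    m = DRIVE_PATH_RE.search(body)
    if m:
        return m.group(0).lower()
    m = BARE_FILE_RE.search(body)
    return m.group(0).lower() if m else None


def check_file_missing(parsed):
    """For each '(file missing)' entry, say whether that exact path is in the
    process list. Full-path matching is deliberate: matching on the bare file
    name would let a look-alike binary elsewhere vouch for a missing one."""
    results = []
    for section, body in parsed["entries"]:
        if MISSING not in body:
            continue
        path = referenced_file(body.replace(MISSING, ""))
        running = path is not None and path in parsed["processes"]
        if path is None:
            verdict = "no file path in entry; inspect manually"
        elif running:
            verdict = "process is running: 'file missing' is an analyzer parse error, confirm the file on disk"
        else:
            verdict = "not in process list: confirm on disk before acting"
        results.append({"section": section, "file": path, "running": running, "verdict": verdict})
    return results


def summarize_lsp(parsed):
    """Count O10 layers per DLL. 'Unknown' only means the tool has no publisher
    record for the file; identify the product that installed it before removing."""
    counts = Counter()
    for section, body in parsed["entries"]:
        if section == "O10":
            f = referenced_file(body)
            if f:
                counts[f] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for r in check_file_missing(parsed):
        print(f"{r['section']}: {r['file']} -> {r['verdict']}")
    for dll, n in summarize_lsp(parsed).items():
        print(f"O10: {dll} occupies {n} LSP layers; identify its publisher before removing")
```

Run on the excerpt it reports the cFosSpeed service as running despite the "(file missing)" tag, leaves WRLogonNTF.dll as something to confirm on disk, and shows bnmndrv.dll in three layers; the real log has the same DLL in seven, which is consistent with a single filter driver rather than seven separate unknowns.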
According to http://hijackthis.de/ it is to be removed.
gieras: remove this:
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
check this:
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
this is supposedly clean:
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
This is an entry from the "Beniamin" parental-control firewall, so probably not something to remove.
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service
And this one is from "cFos Speed"; if I remove it, I don't know whether everything will still work.
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
If this is a good entry, then I guess I have nothing to worry about.