shdw
(Shdwzr)
28 November 2006 16:42
#1
Hello.
Today, when I started Firefox, I was greeted by the oh-so-lovely sight of a message saying that my computer is infected and that Internet access has been disabled. Following the network administrator's instructions, I scanned the whole system with Avast, Spybot S&D and Ad-Aware (my network access was restored so that I could download the latest updates; from that point on the Internet worked normally). Avast detected nothing, but S&D and Ad-Aware did. S&D could not remove the worm, so it did so after the computer was restarted. Since then, the computer stops at the "Zapraszamy!" (Welcome) message at startup and I have to wait about 10 minutes; only after that time does the computer start. I reinstalled the network card, but that did not help. I do not want to format, because I have a lot of important information on the disks. Please check the log and give me some helpful advice. Thanks in advance!
Logfile of HijackThis v1.99.1 Scan saved at 17:16:47, on 2006-11-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RunDLL32.exe D:\Programy\ByteOMeter\ByteOMeter.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\shdw\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll R3 - URLSearchHook: (no name) - {CFBFAEA6-B9D4-11D0-9C78-00C04FD64497} - (no file) O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O1 - Hosts: 200.124.131.116 casinocontroller.com O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\Programy\FlashGet\jccatch.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programy\FlashFXP\IEFlash.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - D:\Programy\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - D:\Programy\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: donkeymails.com - {0C2DE3EC-DB84-4eeb-9FC1-69B5153C4239} - C:\Program Files\Internet Explorer\PLUGINS\toolbar4198185.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [spyHunter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKCU…\Run: [byteOMeter] “D:\Programy\ByteOMeter\ByteOMeter.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Crack.lnk = C:\Documents and Settings\shdw\Dane aplikacji\Cream Software\Crack.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Programy\Offline Explorer Pro\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Programy\Offline Explorer Pro\Add_AllO.htm O8 - Extra context menu item: Download All by FlashGet - D:\Programy\FlashGet\jc_all.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download using FlashGet - D:\Programy\FlashGet\jc_link.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - D:\Programy\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O9 - Extra button: donkeymails.com - {3B1BD330-82D0-4a56-AE53-C9EF12F6093D} - C:\Program Files\Internet Explorer\PLUGINS\toolbar4198185.dll O9 - Extra ‘Tools’ menuitem: donkeymails.com - {3B1BD330-82D0-4a56-AE53-C9EF12F6093D} - C:\Program Files\Internet Explorer\PLUGINS\toolbar4198185.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Programy\KASYNA!\Titan 
Poker\casino.exe O9 - Extra ‘Tools’ menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Programy\KASYNA!\Titan Poker\casino.exe O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - D:\Programy\Kasyna!\crazyvegasMPP\MPPoker.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - D:\Programy\KASYNA!\PACIFI~1\pacificpoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programy\KASYNA!\CDPoker\casino.exe O9 - Extra ‘Tools’ menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programy\KASYNA!\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\Kasyna!\PartyPoker\PartyPoker\RunApp.exe O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\Kasyna!\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ankamp3\ICQLite\ICQLite.exe O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ankamp3\ICQLite\ICQLite.exe O9 - Extra button: Dream Poker - {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - d:\programy\kasyna!\dreampokerMPP\MPPoker.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\Program Files\Fair Poker\casino.exe (file missing) O9 - Extra ‘Tools’ menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\Program Files\Fair Poker\casino.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programy\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra ‘Tools’ menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programy\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - D:\Programy\KASYNA!\Poker.com \Poker.exe (HKCU) O10 - Broken Internet access because of LSP chain gap (#13 in chain of 19 missing) O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 1171491718 O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{03D59E73-4E6E-463D-8FA9-E1DA2C20EC3A}: NameServer = 212.244.88.3,212.244.88.24 O17 - HKLM\System\CCS\Services\Tcpip…{EABF1E50-232B-473C-BB21-B92AE2C18EC8}: NameServer = 212.244.88.3,212.244.88.24 O17 - HKLM\System\CS1\Services\Tcpip…{03D59E73-4E6E-463D-8FA9-E1DA2C20EC3A}: NameServer = 212.244.88.3,212.244.88.24 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindService.exe
Bieniol
(Bbieniol)
28 November 2006 21:52
#2
In Safe Mode, with System Restore turned off, remove (the entries with HijackThis, the files/folders marked in red manually from the disk):
Do you know these two things?
This entry also worries me:
After removing what I pointed out at the beginning, post a new HijackThis log, a Silent Runners log, plus a screenshot of the LSP-Fix window.
shdw
(Shdwzr)
29 November 2006 13:07
#3
I removed all the entries and files listed earlier except this one
It says to use LSP-Fix.
Right now I am temporarily on Linux and struggling to copy the files over to Windows; once I remove/fix the above-mentioned file and make the logs, as soon as possible I will
Post merged: 29.11.2006 (Wed) 15:09
You are great!
The computer took so long to start because of those entries and files.
And the Internet was down because of the broken Winsock, and all it took was a removal with LSP-Fix!
If you can, please also check my logs, just to be sure.
Logfile of HijackThis v1.99.1 Scan saved at 15:07:34, on 2006-11-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RunDLL32.exe D:\Programy\ByteOMeter\ByteOMeter.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe D:\Programy\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\shdw\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O2 - BHO: IDMIEHlprObj Class - 
{0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\Programy\FlashGet\jccatch.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programy\FlashFXP\IEFlash.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - D:\Programy\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - D:\Programy\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [spyHunter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKCU…\Run: [byteOMeter] “D:\Programy\ByteOMeter\ByteOMeter.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Programy\Offline Explorer Pro\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Programy\Offline Explorer Pro\Add_AllO.htm O8 - Extra context menu item: Download All by FlashGet - D:\Programy\FlashGet\jc_all.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download using FlashGet - 
D:\Programy\FlashGet\jc_link.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - D:\Programy\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O9 - Extra button: donkeymails.com - {3B1BD330-82D0-4a56-AE53-C9EF12F6093D} - C:\Program Files\Internet Explorer\PLUGINS\toolbar4198185.dll (file missing) O9 - Extra ‘Tools’ menuitem: donkeymails.com - {3B1BD330-82D0-4a56-AE53-C9EF12F6093D} - C:\Program Files\Internet Explorer\PLUGINS\toolbar4198185.dll (file missing) O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Programy\KASYNA!\Titan Poker\casino.exe O9 - Extra ‘Tools’ menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Programy\KASYNA!\Titan Poker\casino.exe O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - D:\Programy\Kasyna!\crazyvegasMPP\MPPoker.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - D:\Programy\KASYNA!\PACIFI~1\pacificpoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programy\KASYNA!\CDPoker\casino.exe O9 - Extra ‘Tools’ menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programy\KASYNA!\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\Kasyna!\PartyPoker\PartyPoker\RunApp.exe O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\Kasyna!\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ankamp3\ICQLite\ICQLite.exe O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ankamp3\ICQLite\ICQLite.exe O9 - 
Extra button: Dream Poker - {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - d:\programy\kasyna!\dreampokerMPP\MPPoker.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe O9 - Extra button: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\Program Files\Fair Poker\casino.exe (file missing) O9 - Extra ‘Tools’ menuitem: Fair Poker - {E49E0804-28BE-49ce-9E5F-AA6059B6DC7B} - C:\Program Files\Fair Poker\casino.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programy\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programy\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - D:\Programy\KASYNA!\Poker.com \Poker.exe (HKCU) O10 - Broken Internet access because of LSP provider ‘25,5’ missing O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 1171491718 O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{03D59E73-4E6E-463D-8FA9-E1DA2C20EC3A}: NameServer = 212.244.88.3,212.244.88.24 O17 - HKLM\System\CCS\Services\Tcpip…{100E6762-FFCC-4F3D-85B3-6BBF6E18C080}: NameServer = 212.244.88.3,212.244.88.24 O17 - HKLM\System\CS1\Services\Tcpip…{03D59E73-4E6E-463D-8FA9-E1DA2C20EC3A}: NameServer = 
212.244.88.3,212.244.88.24 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindService.exe
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ByteOMeter” = ““D:\Programy\ByteOMeter\ByteOMeter.exe”” [null data] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS] “SpyHunter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = (no title provided) -> {HKLM…CLSID} = “IDMIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Internet Download Manager\IDMIECC.dll” [“Tonec Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}(Default) = “AOL Toolbar Launcher” -> {HKLM…CLSID} = “AOL Toolbar Launcher” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”] {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “D:\Programy\FlashGet\jccatch.dll” [“Amaze Soft”] {E5A1691B-D188-4419-AD02-90002030B8EE}(Default) = (no title provided) -> {HKLM…CLSID} = “FlashFXP Helper for Internet Explorer” \InProcServer32(Default) = “D:\Programy\FlashFXP\IEFlash.dll” [“IniCom Networks, Inc.”] {EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = “Kwyshell MidpX BHO” -> {HKLM…CLSID} = “Kwyshell MidpX” 
\InProcServer32(Default) = “D:\Programy\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device” -> {HKLM…CLSID} = “Siemens Device” \InProcServer32(Default) = “D:\Programy\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device ContextMenuHandler” -> {HKLM…CLSID} = “Siemens Device ContextMenuHandler” \InProcServer32(Default) = “D:\Programy\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler” -> {HKLM…CLSID} = “Siemens Device PropertySheetHandler” \InProcServer32(Default) = “D:\Programy\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{A4D78B20-6E05-1069-8758-4E73FD83DEAD}” = “QCopy” -> {HKLM…CLSID} = “QCopy” \InProcServer32(Default) = “dropcpyr.dll” [null data] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{acb4a560-3606-11d3-aef4-00104bd0f92d}” = “KodakShellExtension” -> {HKLM…CLSID} = “KodakShellExtension” \InProcServer32(Default) = “C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll” [“Eastman Kodak Company”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft 
Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{73B24247-042E-4EF5-ADC2-42F62E6FD654}” = “ICQ Lite Shell Extension” -> {HKLM…CLSID} = “MCLiteShellExt Class” \InProcServer32(Default) = “D:\ankamp3\ICQLite\ICQLiteShell.dll” [empty string] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “D:\Programy\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “0aMCPClient” = 
“{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}” -> {HKLM…CLSID} = “MCPShellInstantiator Class” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll” [“Stardock”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> MCPClient\DLLName = “C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll” [“Stardock”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] ICQLiteMenu(Default) = “{73B24247-042E-4EF5-ADC2-42F62E6FD654}” -> {HKLM…CLSID} = “MCLiteShellExt Class” \InProcServer32(Default) = “D:\ankamp3\ICQLite\ICQLiteShell.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu(Default) = “{73B24247-042E-4EF5-ADC2-42F62E6FD654}” -> {HKLM…CLSID} = “MCLiteShellExt Class” \InProcServer32(Default) = “D:\ankamp3\ICQLite\ICQLiteShell.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoSMBalloonTip” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “DisableStatusMessages” = (REG_DWORD) hex:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\shdw\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Scheduled Tasks: ------------------------ “AF25B3F3910E2AFF” -> launches: “c:\docume~1\shdw\daneap~1\greyjoy\FlapTestKnob.exe” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 09, 11 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
25,5 [file not found], 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}”
  -> {HKLM…CLSID} = “Kwyshell MidpX”
  \InProcServer32(Default) = “D:\Programy\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”]
“{4D5C8C2A-D075-11D0-B416-00C04FB90376}”
  -> {HKLM…CLSID} = “Pasek poleceń Microsoft”
  \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [MS]
“{B7D3E479-CC68-42B5-A338-938ECE35F419}”
  -> {HKLM…CLSID} = “BearShare MediaBar”
  \InProcServer32(Default) = “C:\Program Files\BearShare MediaBar\MediaBar.dll” [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{4D5C8C2A-D075-11D0-B416-00C04FB90376}”
  -> {HKLM…CLSID} = “Pasek poleceń Microsoft”
  \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [MS]
“{37B85A29-692B-4205-9CAD-2626E4993404}”
  -> {HKLM…CLSID} = “My Global Search Bar”
  \InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [file not found]
“{DE9C389F-3316-41A7-809B-AA305ED9D922}”
  -> {HKLM…CLSID} = “AOL Toolbar”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]
“{B7D3E479-CC68-42B5-A338-938ECE35F419}”
  -> {HKLM…CLSID} = “BearShare MediaBar”
  \InProcServer32(Default) = “C:\Program Files\BearShare MediaBar\MediaBar.dll” [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX”
  -> {HKLM…CLSID} = “Kwyshell MidpX”
  \InProcServer32(Default) = “D:\Programy\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”]
“{DE9C389F-3316-41A7-809B-AA305ED9D922}” = “AOL Toolbar”
  -> {HKLM…CLSID} = “AOL Toolbar”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{6FDD5236-C9F0-49EF-935D-385F5E21991A}\
  “ButtonText” = “Poker.com ”
  “Exec” = “D:\Programy\KASYNA!\Poker.com \Poker.exe” [“Ingenic”]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
  “ButtonText” = “AOL Toolbar”
  “CLSIDExtension” = “{DE9C389F-3316-41A7-809B-AA305ED9D922}”
  -> {HKLM…CLSID} = “AOL Toolbar”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]
{3B1BD330-82D0-4A56-AE53-C9EF12F6093D}\
  “ButtonText” = “donkeymails.com ”
  “MenuText” = “donkeymails.com ”
{49783ED4-258D-4F9F-BE11-137C18D3E543}\
  “ButtonText” = “Titan Poker”
  “MenuText” = “Titan Poker”
  “Exec” = “D:\Programy\KASYNA!\Titan Poker\casino.exe” [null data]
{8A8A3162-B5FA-4C54-A862-4E62CBE8A255}\
  “ButtonText” = “Crazy Poker”
  “Exec” = “D:\Programy\Kasyna!\crazyvegasMPP\MPPoker.exe” [“Microgaming”]
{94EDF7B4-4272-4AF3-8F8B-4E2F68E225B7}\
  “ButtonText” = “PacificPoker”
  “Exec” = “D:\Programy\KASYNA!\PACIFI~1\pacificpoker.exe” [“Cassava Ent.”]
{A68FC757-51CF-4F3C-B13A-BFB8CA69BB99}\
  “ButtonText” = “CDPoker”
  “MenuText” = “CDPoker”
  “Exec” = “D:\Programy\KASYNA!\CDPoker\casino.exe” [null data]
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
  “ButtonText” = “PartyPoker.com ”
  “MenuText” = “PartyPoker.com ”
  “Exec” = “D:\Programy\Kasyna!\PartyPoker\PartyPoker\RunApp.exe” [empty string]
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
  “ButtonText” = “ICQ Lite”
  “MenuText” = “ICQ Lite”
  “Exec” = “D:\ankamp3\ICQLite\ICQLite.exe” [“ICQ Ltd.”]
{D45D9D5F-B491-4C95-8B05-FA6B6C69CA82}\
  “ButtonText” = “Dream Poker”
  “Exec” = “d:\programy\kasyna!\dreampokerMPP\MPPoker.exe” [“Microgaming”]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
  “ButtonText” = “FlashGet”
  “MenuText” = “&FlashGet”
  “Exec” = “D:\Programy\FlashGet\flashget.exe” [“Amaze Soft”]
{E49E0804-28BE-49CE-9E5F-AA6059B6DC7B}\
  “ButtonText” = “Fair Poker”
  “MenuText” = “Fair Poker”
  “Exec” = “C:\Program Files\Fair Poker\casino.exe” [file not found]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
  “ButtonText” = “Yahoo! Messenger”
  “MenuText” = “Yahoo! Messenger”
  “Exec” = “D:\Programy\Yahoo!\Messenger\YahooMessenger.exe” [“Yahoo! Inc.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
  “ButtonText” = “Messenger”
  “MenuText” = “Windows Messenger”
  “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{EA756889-2338-43DB-8F07-D1CA6FB9C90D}” = “AOL Search”
  -> {HKLM…CLSID} = “AOLTBSearch Class”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]

HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 4 domain names to IP addresses,
3 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ATK Keyboard Service, ATKKeyboardService, “C:\WINDOWS\ATKKBService.exe” [“ASUSTeK COMPUTER INC.”]
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
StarWind iSCSI Service, StarWindService, “D:\Programy\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
PrimoMon\Driver = “Primomonnt.dll” [null data]

----------
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 233 seconds.
---------- (total run time: 284 seconds)
Bieniol
(Bbieniol)
29 November 2006 16:05
#4
Open Notepad and paste this into it:
File -> Save As -> change the file type to All Files -> save it under the name FIX.REG
Run the FIX.REG file, confirm adding it to the registry, and restart the computer.
After that, to be sure, post a new Silent Runners log.
And paste that screenshot of the LSP-Fix window.
shdw
(Shdwzr)
29 November 2006 17:07
#5
I did as you advised.
I also followed all the advice in the “Optimizing and Slimming Down Windows XP” section.
Here are the results:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“ByteOMeter” = ““D:\Programy\ByteOMeter\ByteOMeter.exe”” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”” [“Sun Microsystems, Inc.”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]
“NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = (no title provided)
  - {HKLM…CLSID} = “IDMIEHlprObj Class”
  \InProcServer32(Default) = “C:\Program Files\Internet Download Manager\IDMIECC.dll” [“Tonec Inc.”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  - {HKLM…CLSID} = “AcroIEHlprObj Class”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
  - {HKLM…CLSID} = “SSVHelper Class”
  \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}(Default) = “AOL Toolbar Launcher”
  - {HKLM…CLSID} = “AOL Toolbar Launcher”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]
{A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided)
  - {HKLM…CLSID} = “IeCatch2 Class”
  \InProcServer32(Default) = “D:\Programy\FlashGet\jccatch.dll” [“Amaze Soft”]
{E5A1691B-D188-4419-AD02-90002030B8EE}(Default) = (no title provided)
  - {HKLM…CLSID} = “FlashFXP Helper for Internet Explorer”
  \InProcServer32(Default) = “D:\Programy\FlashFXP\IEFlash.dll” [“IniCom Networks, Inc.”]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = “Kwyshell MidpX BHO”
  - {HKLM…CLSID} = “Kwyshell MidpX”
  \InProcServer32(Default) = “D:\Programy\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  - {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  - {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
“{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device”
  - {HKLM…CLSID} = “Siemens Device”
  \InProcServer32(Default) = “D:\Programy\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”]
“{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device ContextMenuHandler”
  - {HKLM…CLSID} = “Siemens Device ContextMenuHandler”
  \InProcServer32(Default) = “D:\Programy\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”]
“{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler”
  - {HKLM…CLSID} = “Siemens Device PropertySheetHandler”
  \InProcServer32(Default) = “D:\Programy\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”]
“{A4D78B20-6E05-1069-8758-4E73FD83DEAD}” = “QCopy”
  - {HKLM…CLSID} = “QCopy”
  \InProcServer32(Default) = “dropcpyr.dll” [null data]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
  - {HKLM…CLSID} = “Portable Media Devices Menu”
  \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{acb4a560-3606-11d3-aef4-00104bd0f92d}” = “KodakShellExtension”
  - {HKLM…CLSID} = “KodakShellExtension”
  \InProcServer32(Default) = “C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll” [“Eastman Kodak Company”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
  - {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
  \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  - {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  - {HKLM…CLSID} = “DesktopContext Class”
  \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
  - {HKLM…CLSID} = “NVIDIA CPL Extension”
  \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  - {HKLM…CLSID} = “Desktop Explorer”
  \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  - {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  - {HKLM…CLSID} = “nView Desktop Context Menu”
  \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{73B24247-042E-4EF5-ADC2-42F62E6FD654}” = “ICQ Lite Shell Extension”
  - {HKLM…CLSID} = “MCLiteShellExt Class”
  \InProcServer32(Default) = “D:\ankamp3\ICQLite\ICQLiteShell.dll” [empty string]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”
  - {HKLM…CLSID} = “AlcoholShellEx”
  \InProcServer32(Default) = “D:\Programy\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“0aMCPClient” = “{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}”
  - {HKLM…CLSID} = “MCPShellInstantiator Class”
  \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll” [“Stardock”]

HKLM\System\CurrentControlSet\Control\Session Manager\
“BootExecute” = “PDBoot.exe” [“Raxco Software, Inc.”]|“autocheck autochk *”| [file not found]| [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
MCPClient\DLLName = “C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll” [“Stardock”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  - {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
ICQLiteMenu(Default) = “{73B24247-042E-4EF5-ADC2-42F62E6FD654}”
  - {HKLM…CLSID} = “MCLiteShellExt Class”
  \InProcServer32(Default) = “D:\ankamp3\ICQLite\ICQLiteShell.dll” [empty string]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu(Default) = “{73B24247-042E-4EF5-ADC2-42F62E6FD654}”
  - {HKLM…CLSID} = “MCLiteShellExt Class”
  \InProcServer32(Default) = “D:\ankamp3\ICQLite\ICQLiteShell.dll” [empty string]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  - {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoSMBalloonTip” = (REG_DWORD) hex:0x00000000
  {unrecognized setting}
“NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001
  {unrecognized setting}
“NoSaveSettings” = (REG_DWORD) hex:0x00000000
  {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit}
“ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001
  {unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001
  {unrecognized setting}
“ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001
  {unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}
“DisableStatusMessages” = (REG_DWORD) hex:0x00000001
  {unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\shdw\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Scheduled Tasks:
------------------------

“AF25B3F3910E2AFF” - launches: “c:\docume~1\shdw\daneap~1\greyjoy\FlapTestKnob.exe” [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 09, 11 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
25,5 [file not found], 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}”
  - {HKLM…CLSID} = “Kwyshell MidpX”
  \InProcServer32(Default) = “D:\Programy\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”]
“{4D5C8C2A-D075-11D0-B416-00C04FB90376}”
  - {HKLM…CLSID} = “Pasek poleceń Microsoft”
  \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [MS]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{4D5C8C2A-D075-11D0-B416-00C04FB90376}”
  - {HKLM…CLSID} = “Pasek poleceń Microsoft”
  \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [MS]
“{DE9C389F-3316-41A7-809B-AA305ED9D922}”
  - {HKLM…CLSID} = “AOL Toolbar”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX”
  - {HKLM…CLSID} = “Kwyshell MidpX”
  \InProcServer32(Default) = “D:\Programy\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”]
“{DE9C389F-3316-41A7-809B-AA305ED9D922}” = “AOL Toolbar”
  - {HKLM…CLSID} = “AOL Toolbar”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{6FDD5236-C9F0-49EF-935D-385F5E21991A}\
  “ButtonText” = “Poker.com ”
  “Exec” = “D:\Programy\KASYNA!\Poker.com \Poker.exe” [“Ingenic”]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
  “MenuText” = “Sun Java Console”
  “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}”
  - {HKLM…CLSID} = “Java Plug-in 1.5.0_09”
  \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”]
{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
  “ButtonText” = “AOL Toolbar”
  “CLSIDExtension” = “{DE9C389F-3316-41A7-809B-AA305ED9D922}”
  - {HKLM…CLSID} = “AOL Toolbar”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]
{3B1BD330-82D0-4A56-AE53-C9EF12F6093D}\
  “ButtonText” = “donkeymails.com ”
  “MenuText” = “donkeymails.com ”
{49783ED4-258D-4F9F-BE11-137C18D3E543}\
  “ButtonText” = “Titan Poker”
  “MenuText” = “Titan Poker”
  “Exec” = “D:\Programy\KASYNA!\Titan Poker\casino.exe” [null data]
{8A8A3162-B5FA-4C54-A862-4E62CBE8A255}\
  “ButtonText” = “Crazy Poker”
  “Exec” = “D:\Programy\Kasyna!\crazyvegasMPP\MPPoker.exe” [“Microgaming”]
{94EDF7B4-4272-4AF3-8F8B-4E2F68E225B7}\
  “ButtonText” = “PacificPoker”
  “Exec” = “D:\Programy\KASYNA!\PACIFI~1\pacificpoker.exe” [“Cassava Ent.”]
{A68FC757-51CF-4F3C-B13A-BFB8CA69BB99}\
  “ButtonText” = “CDPoker”
  “MenuText” = “CDPoker”
  “Exec” = “D:\Programy\KASYNA!\CDPoker\casino.exe” [null data]
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
  “ButtonText” = “PartyPoker.com ”
  “MenuText” = “PartyPoker.com ”
  “Exec” = “D:\Programy\Kasyna!\PartyPoker\PartyPoker\RunApp.exe” [empty string]
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
  “ButtonText” = “ICQ Lite”
  “MenuText” = “ICQ Lite”
  “Exec” = “D:\ankamp3\ICQLite\ICQLite.exe” [“ICQ Ltd.”]
{D45D9D5F-B491-4C95-8B05-FA6B6C69CA82}\
  “ButtonText” = “Dream Poker”
  “Exec” = “d:\programy\kasyna!\dreampokerMPP\MPPoker.exe” [“Microgaming”]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
  “ButtonText” = “FlashGet”
  “MenuText” = “FlashGet”
  “Exec” = “D:\Programy\FlashGet\flashget.exe” [“Amaze Soft”]
{E49E0804-28BE-49CE-9E5F-AA6059B6DC7B}\
  “ButtonText” = “Fair Poker”
  “MenuText” = “Fair Poker”
  “Exec” = “d:\programy\kasyna!\atlantic lounge\casino.exe” [“RealTime Gaming, Inc.”]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
  “ButtonText” = “Yahoo! Messenger”
  “MenuText” = “Yahoo! Messenger”
  “Exec” = “D:\Programy\Yahoo!\Messenger\YahooMessenger.exe” [“Yahoo! Inc.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
  “ButtonText” = “Messenger”
  “MenuText” = “Windows Messenger”
  “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
“{EA756889-2338-43DB-8F07-D1CA6FB9C90D}” = “AOL Search”
  - {HKLM…CLSID} = “AOLTBSearch Class”
  \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll” [“America Online, Inc.”]

HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 4 domain names to IP addresses,
3 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ATK Keyboard Service, ATKKeyboardService, “C:\WINDOWS\ATKKBService.exe” [“ASUSTeK COMPUTER INC.”]
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
PDAgent, PDAgent, ““C:\Program Files\Raxco\PerfectDisk\PDAgent.exe”” [“Raxco Software, Inc.”]
PDEngine, PDEngine, ““C:\Program Files\Raxco\PerfectDisk\PDEngine.exe”” [“Raxco Software, Inc.”]
StarWind iSCSI Service, StarWindService, “D:\Programy\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
PrimoMon\Driver = “Primomonnt.dll” [null data]

----------
: Suspicious data at a malware launch point.
: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 188 seconds.
---------- (total run time: 253 seconds)
shdw
(Shdwzr)
30 November 2006 13:06
#7
Nothing will happen after I use WinsockFix ^^? Because my internet is working now and I don't want to break it again.
adam9870
(adam9870)
30 November 2006 13:14
#8
Using WinsockFix will reset the WinSock chain.
There shouldn't be any problems after using it, quite the opposite, so you have nothing to worry about…