Był wirus i prośba o sprawdzenie loga

staszek0207 · 5 Sierpień 2007 09:38

miałem wira i go wyrzuciłem ale proszę o sprawdzenie loga

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CursorXP” = “C:\Program Files\CursorXP\CursorXP.exe” [" "] “UberIcon” = ““C:\Program Files\UberIcon\UberIcon Manager.exe”” [null data] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s” [“Panda Software International”] “GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS] “ClocX” = “C:\Program Files\ClocX\ClocX.exe” [“BonSoft”] “Tweak UI” = “RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “BigDog303” = “C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)” [“Vimicro”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “THGuard” = ““C:\Program Files\TrojanHunter 4.7\THGuard.exe”” [“Mischel Internet Security”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {00A6FAF1-072E-44cf-8957-5838F569A31D}(Default) = “MyWebSearch Search Assistant BHO” -> {HKLM…CLSID} = “MyWebSearch Search Assistant BHO” \InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL” [“MyWebSearch.com”] {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided) -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper” -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar” -> {HKLM…CLSID} = “Groove Folder Synchronization” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler” -> {HKLM…CLSID} = “Groove GFS Stub Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler” -> {HKLM…CLSID} = “Groove XML Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS] “{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” -> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” = “ATS Context Menu Shell Extension” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”] “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” = “TrojanHunter Menu Shell Extension” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]| [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> avldr\DLLName = “avldr.dll” [“Panda Software”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] Default executables: -------------------- HKCU\Software\Classes\batfile\ HKCU\Software\Classes\cmdfile\ Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [null data] “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Development Company, L.P.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll [“Panda Software International”], 01 - 03, 21 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ “ButtonText” = “Wyślij do programu OneNote” “MenuText” = “Wyślij &do programu OneNote” “CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}” -> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “*g” (unwritable string) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] <> “{00A6FAF6-072E-44cf-8957-5838F569A31D}” = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL” [“MyWebSearch.com”] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe”” [“Panda Software International”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe”” [“Panda Software International”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe”” [“Panda Software”] Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE”” [“Panda Software International”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe”” [“Panda Software”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\system32\HPZipm12.exe” [“HP”] TuneUp Design Expansion, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Usługa dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ LIDIL hpzll4pi\Driver = “hpzll4pi.dll” [“Hewlett-Packard Company”] Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 93 seconds, including 18 seconds for message boxes)

Logfile of HijackThis v1.99.1 Scan saved at 09:43:10, on 2007-08-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\ClocX\ClocX.exe C:\WINDOWS\VM303_STI.EXE C:\Program Files\TrojanHunter 4.7\THGuard.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Screamer Radio\screamer.exe C:\Program Files\eMule\emule.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe O4 - HKLM…\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [THGuard] “C:\Program Files\TrojanHunter 4.7\THGuard.exe” O4 - HKCU…\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [uberIcon] “C:\Program Files\UberIcon\UberIcon Manager.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7005101343 O17 - HKLM\System\CCS\Services\Tcpip…{0D0B098B-C5F8-43BC-8D1D-FAB5E4DBBA8E}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{0D0B098B-C5F8-43BC-8D1D-FAB5E4DBBA8E}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

jessica · 5 Sierpień 2007 09:50

Użyj ComboFixa (usunie samoczynnie) :

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

(na samym dole tej strony z linku) -

Log wklej na http://wklej.org/, a w poście daj tylko link.

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

.

staszek0207 · 5 Sierpień 2007 10:28

Logfile of HijackThis v1.99.1 Scan saved at 12:21:10, on 2007-08-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\ClocX\ClocX.exe C:\WINDOWS\VM303_STI.EXE C:\Program Files\TrojanHunter 4.7\THGuard.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe O4 - HKLM…\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM…\Run: [THGuard] “C:\Program Files\TrojanHunter 4.7\THGuard.exe” O4 - HKCU…\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [uberIcon] “C:\Program Files\UberIcon\UberIcon Manager.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7005101343 O17 - HKLM\System\CCS\Services\Tcpip…{0D0B098B-C5F8-43BC-8D1D-FAB5E4DBBA8E}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{0D0B098B-C5F8-43BC-8D1D-FAB5E4DBBA8E}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

Złączono Posta : 05.08.2007 (Nie) 12:28

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CursorXP” = “C:\Program Files\CursorXP\CursorXP.exe” [" "] “UberIcon” = ““C:\Program Files\UberIcon\UberIcon Manager.exe”” [null data] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s” [“Panda Software International”] “GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS] “ClocX” = “C:\Program Files\ClocX\ClocX.exe” [“BonSoft”] “Tweak UI” = “RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “BigDog303” = “C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)” [“Vimicro”] “THGuard” = ““C:\Program Files\TrojanHunter 4.7\THGuard.exe”” [“Mischel Internet Security”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided) -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper” -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar” -> {HKLM…CLSID} = “Groove Folder Synchronization” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler” -> {HKLM…CLSID} = “Groove GFS Stub Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler” -> {HKLM…CLSID} = “Groove XML Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS] “{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” -> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” = “ATS Context Menu Shell Extension” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”] “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” = “TrojanHunter Menu Shell Extension” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]| [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> avldr\DLLName = “avldr.dll” [“Panda Software”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” -> {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS2\contmenu.dll” [null data] Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.7\contmenu.dll” [null data] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] Default executables: -------------------- HKCU\Software\Classes\batfile\ HKCU\Software\Classes\cmdfile\ Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [null data] “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Development Company, L.P.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll [“Panda Software International”], 01 - 03, 21 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ “ButtonText” = “Wyślij do programu OneNote” “MenuText” = “Wyślij &do programu OneNote” “CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}” -> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “*g” (unwritable string) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe”” [“Panda Software International”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe”” [“Panda Software International”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe”” [“Panda Software”] Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE”” [“Panda Software International”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe”” [“Panda Software”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\system32\HPZipm12.exe” [“HP”] TuneUp Design Expansion, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Usługa dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ LIDIL hpzll4pi\Driver = “hpzll4pi.dll” [“Hewlett-Packard Company”] Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 35 seconds. ---------- (total run time: 104 seconds)

Złączono Posta : 05.08.2007 (Nie) 12:29

ComboFix 07-08-04.3 - “Administrator” 2007-08-05 12:06:41.1 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\FunWebProducts C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL ((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 ))))))))))))))))))))))))))))))) 2007-08-05 11:13 2007-08-01 20:27 2007-08-01 20:06 2007-07-30 14:06 64,000 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys 2007-07-30 14:06 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-07-30 14:06 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-07-30 14:06 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-07-30 14:06 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-07-30 14:06 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-07-30 14:06 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-07-30 14:06 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-07-30 14:06 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-07-30 14:06 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-07-30 14:06 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-07-30 14:06 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-07-30 14:06 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-07-30 14:06 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-07-30 14:06 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-07-30 14:06 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-07-30 14:06 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-07-30 14:06 143,360 --a------ C:\WINDOWS\adiras.exe 2007-07-30 14:06 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-07-30 14:06 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-07-30 14:06 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-07-30 14:06 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-07-30 14:06 116,992 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys 2007-07-30 14:06 2007-07-29 20:05 2007-07-29 19:56 2007-07-22 02:21 2007-07-21 09:49 2007-07-21 01:30 2007-07-21 01:30 2007-07-21 01:30 2007-07-11 18:53 2007-07-11 14:21 2007-07-11 13:44 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-07-08 11:39 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-07-08 11:39 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-07-08 11:39 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-05 12:04 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Skype 2007-08-05 11:42 --------- d-------- C:\Program Files\CCleaner 2007-08-05 11:08 279236 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT 2007-08-05 10:51 --------- d-------- C:\Program Files\eMule 2007-08-05 10:49 1132 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG 2007-08-05 09:37 --------- d-------- C:\Program Files\Gadu-Gadu 2007-08-05 09:36 --------- d-------- C:\Program Files\Winamp 2007-08-04 18:27 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\uTorrent 2007-08-04 18:15 --------- d-------- C:\Program Files\uTorrent 2007-08-04 17:31 --------- d-------- C:\Program Files\UberIcon 2007-08-04 17:31 --------- d-------- C:\Program Files\TuneUp Utilities 2006 2007-08-04 17:31 --------- d-------- C:\Program Files\CursorXP 2007-08-04 17:31 --------- d-------- C:\Program Files\ClocX 2007-08-04 17:31 --------- d-------- C:\Program Files\ATS2 2007-08-03 18:25 --------- d-------- C:\Program Files\WinZix 2007-08-01 22:30 --------- d-------- C:\Program Files\SubEdit-Player 2007-08-01 19:37 --------- d-------- C:\Program Files\Anti-Trojan-55 2007-08-01 00:05 --------- d-------- C:\Program Files\FrostWire 2007-07-31 18:04 126289 --a------ C:\WINDOWS\HPHins12.dat 2007-07-30 14:06 33 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-07-30 14:06 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-29 20:05 --------- d-------- C:\Program Files\Skype 2007-07-29 18:08 3473 --a------ C:\WINDOWS\unins000.dat 2007-07-19 16:54 --------- d-------- C:\Program Files\Movie Maker 2007-07-18 22:27 4489 --a------ C:\WINDOWS\mozver.dat 2007-07-11 17:08 2321408 --a------ C:\WINDOWS\system32\TUKernel.exe 2007-07-11 13:50 --------- d-------- C:\Program Files\QuickTime 2007-07-11 12:39 50968 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-11 12:39 359178 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-11 12:34 --------- d-------- C:\Program Files\Common Files\Real 2007-07-11 12:33 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Real 2007-07-11 12:27 --------- d-------- C:\Program Files\Live_TV 2007-07-10 00:39 --------- d-------- C:\Program Files\Pasek TVN24 2007-07-09 10:38 --------- d-------- C:\Program Files\AdwareAlert 2007-07-09 10:38 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\HideTheCake 2007-07-06 13:33 --------- d-------- C:\Program Files\The FilmMachine 2007-06-15 00:02 --------- d-------- C:\Program Files\HideTheCake 2007-06-12 20:53 --------- d-------- C:\Program Files\ArkMicro 2007-06-08 23:49 --------- d-------- C:\Program Files\ACE Mega CoDecS Pack 2007-06-08 23:45 --------- d-------- C:\Program Files\Codec 2007-06-08 23:25 --------- d-------- C:\Program Files\Common Files\Ahead 2007-06-08 11:54 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Apple Computer 2007-06-07 23:10 --------- d-------- C:\Program Files\Recuva 2007-06-06 19:24 --------- d-------- C:\Program Files\IVT Corporation 2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-21 09:30 476 --a------ C:\Program Files\INSTALL.LOG 2007-03-19 20:13 6422611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE] “APVXDWIN”=“C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.exe” [2006-09-13 08:59] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “ClocX”=“C:\Program Files\ClocX\ClocX.exe” [2005-01-26 11:04] “Tweak UI”=“TWEAKUI.CPL” [2003-03-25 05:49 C:\WINDOWS\system32\tweakui.cpl] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22] “BigDog303”=“C:\WINDOWS\VM303_STI.exe” [2005-06-23 05:13] “THGuard”=“C:\Program Files\TrojanHunter 4.7\THGuard.exe” [2007-06-23 00:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CursorXP”=“C:\Program Files\CursorXP\CursorXP.exe” [2005-01-19 17:34] “UberIcon”=“C:\Program Files\UberIcon\UberIcon Manager.exe” [2006-07-17 23:16] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-28 13:17:05] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-30 14:06:46] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] “NvCplDaemon”=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup “BigDog303”=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) “NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe “adwarealert”=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 APPFLT;App Filter Plugin;??\C:\WINDOWS\system32\Drivers\APPFLT.SYS R1 DSAFLT;DSA Filter Plugin;??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS R1 FNETMON;NetMon Filter Plugin;??\C:\WINDOWS\system32\Drivers\fnetmon.SYS R1 IDSFLT;Ids Filter Plugin;??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS R1 NETFLTDI;Panda Net Driver [TDI Layer];??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys R1 SMSFLT;SMS Filter Plugin;??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS R1 WNMFLT;Wifi Monitor Filter Plugin;??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys R2 PavProc;Panda Process Protection Driver;??\C:\WINDOWS\system32\DRIVERS\PavProc.sys R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys R3 ComFiltr;Panda Anti-Dialer;??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys R3 PavSRK.sys;PavSRK.sys;??\C:\WINDOWS\system32\PavSRK.sys R3 PavTPK.sys;PavTPK.sys;??\C:\WINDOWS\system32\PavTPK.sys R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 BTNetFilter;Bluetooth Network Filter;??\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;“C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe” S3 odserv;Microsoft Office Diagnostics Service;“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE” S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b21028b-eea6-11db-8752-4d6564696130}] AutoRun\command- I:\SETUP.EXE configure\command- I:\SETUP.EXE install\command- I:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b21028c-eea6-11db-8752-4d6564696130}] AutoRun\command- J:\Autorun.exe /s [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7be1f246-fb5b-11db-8762-4d6564696130}] AutoRun\command- K:\launcher.exe *Newly Created Service* - ALERTER *Newly Created Service* - NTMSSVC ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-05 12:09:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] “C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.406\Diskeeper Professional Edition 9.0.524 (espa\x144ol-spanish).by bukito.www.elitexeem.com\setup.exe”="Professional Edition for Windows® " “C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX01.578\Diskeeper Professional Edition 9.0.524 (espa\x144ol-spanish).by bukito.www.elitexeem.com\Parche espa\x144ol Dk Pro 9.0.524.exe”=“Parche espa\xf1ol Dk Pro 9.0.524” scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-05 12:11:01 C:\ComboFix-quarantined-files.txt … 2007-08-05 12:10 — E O F —

Złączono Posta : 05.08.2007 (Nie) 12:29

jessica · 5 Sierpień 2007 10:57

Znasz te powyższe?

>>Start >>> Uruchom >>> wybierz (lub wpisz) REGEDIT >>OK>

>>rozwiń ten klucz:

(+)HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

>>zaznacz: {3b21028c-eea6-11db-8752-4d6564696130}

>>prawoklik

>>usuń

Możesz dać log z ComboFixa do kontroli.

.

staszek0207 · 5 Sierpień 2007 11:27

ComboFix 07-08-04.3 - “Administrator” 2007-08-05 13:12:16.3 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda ((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 ))))))))))))))))))))))))))))))) 2007-08-05 13:02 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-05 12:47 2007-08-05 12:05 416 --a------ C:\CFCleanUp.bat 2007-08-05 11:13 2007-08-01 20:27 2007-08-01 20:06 2007-07-30 14:06 64,000 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys 2007-07-30 14:06 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-07-30 14:06 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-07-30 14:06 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-07-30 14:06 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-07-30 14:06 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-07-30 14:06 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-07-30 14:06 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-07-30 14:06 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-07-30 14:06 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-07-30 14:06 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-07-30 14:06 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-07-30 14:06 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-07-30 14:06 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-07-30 14:06 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-07-30 14:06 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-07-30 14:06 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-07-30 14:06 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-07-30 14:06 143,360 --a------ C:\WINDOWS\adiras.exe 2007-07-30 14:06 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-07-30 14:06 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-07-30 14:06 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-07-30 14:06 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-07-30 14:06 116,992 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys 2007-07-30 14:06 2007-07-29 20:05 2007-07-29 19:56 2007-07-22 02:21 2007-07-21 09:49 2007-07-21 01:30 2007-07-21 01:30 2007-07-21 01:30 2007-07-11 18:53 2007-07-11 14:21 2007-07-11 13:44 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-07-08 11:39 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-07-08 11:39 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-07-08 11:39 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-05 13:11 281408 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT 2007-08-05 13:11 1132 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG 2007-08-05 12:57 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Skype 2007-08-05 12:49 --------- d-------- C:\Program Files\eMule 2007-08-05 12:32 --------- d-------- C:\Program Files\Gadu-Gadu 2007-08-05 12:31 --------- d-------- C:\Program Files\Winamp 2007-08-05 11:42 --------- d-------- C:\Program Files\CCleaner 2007-08-04 18:27 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\uTorrent 2007-08-04 18:15 --------- d-------- C:\Program Files\uTorrent 2007-08-04 17:31 --------- d-------- C:\Program Files\UberIcon 2007-08-04 17:31 --------- d-------- C:\Program Files\TuneUp Utilities 2006 2007-08-04 17:31 --------- d-------- C:\Program Files\CursorXP 2007-08-04 17:31 --------- d-------- C:\Program Files\ClocX 2007-08-04 17:31 --------- d-------- C:\Program Files\ATS2 2007-08-03 18:25 --------- d-------- C:\Program Files\WinZix 2007-08-01 22:30 --------- d-------- C:\Program Files\SubEdit-Player 2007-08-01 19:37 --------- d-------- C:\Program Files\Anti-Trojan-55 2007-08-01 00:05 --------- d-------- C:\Program Files\FrostWire 2007-07-31 18:04 126289 --a------ C:\WINDOWS\HPHins12.dat 2007-07-30 14:06 33 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-07-30 14:06 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-29 20:05 --------- d-------- C:\Program Files\Skype 2007-07-29 18:08 3473 --a------ C:\WINDOWS\unins000.dat 2007-07-19 16:54 --------- d-------- C:\Program Files\Movie Maker 2007-07-18 22:27 4489 --a------ C:\WINDOWS\mozver.dat 2007-07-11 17:08 2321408 --a------ C:\WINDOWS\system32\TUKernel.exe 2007-07-11 13:50 --------- d-------- C:\Program Files\QuickTime 2007-07-11 12:39 50968 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-11 12:39 359178 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-11 12:34 --------- d-------- C:\Program Files\Common Files\Real 2007-07-11 12:33 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Real 2007-07-11 12:27 --------- d-------- C:\Program Files\Live_TV 2007-07-10 00:39 --------- d-------- C:\Program Files\Pasek TVN24 2007-07-09 10:38 --------- d-------- C:\Program Files\AdwareAlert 2007-07-09 10:38 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\HideTheCake 2007-07-06 13:33 --------- d-------- C:\Program Files\The FilmMachine 2007-06-15 00:02 --------- d-------- C:\Program Files\HideTheCake 2007-06-12 20:53 --------- d-------- C:\Program Files\ArkMicro 2007-06-08 23:49 --------- d-------- C:\Program Files\ACE Mega CoDecS Pack 2007-06-08 23:45 --------- d-------- C:\Program Files\Codec 2007-06-08 23:25 --------- d-------- C:\Program Files\Common Files\Ahead 2007-06-08 11:54 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Apple Computer 2007-06-07 23:10 --------- d-------- C:\Program Files\Recuva 2007-06-06 19:24 --------- d-------- C:\Program Files\IVT Corporation 2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-21 09:30 476 --a------ C:\Program Files\INSTALL.LOG 2007-03-19 20:13 6422611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE] “APVXDWIN”=“C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.exe” [2006-09-13 08:59] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “ClocX”=“C:\Program Files\ClocX\ClocX.exe” [2005-01-26 11:04] “Tweak UI”=“TWEAKUI.CPL” [2003-03-25 05:49 C:\WINDOWS\system32\tweakui.cpl] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22] “BigDog303”=“C:\WINDOWS\VM303_STI.exe” [2005-06-23 05:13] “THGuard”=“C:\Program Files\TrojanHunter 4.7\THGuard.exe” [2007-06-23 00:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CursorXP”=“C:\Program Files\CursorXP\CursorXP.exe” [2005-01-19 17:34] “UberIcon”=“C:\Program Files\UberIcon\UberIcon Manager.exe” [2006-07-17 23:16] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-28 13:17:05] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-30 14:06:46] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] “NvCplDaemon”=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup “BigDog303”=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) “NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe “adwarealert”=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 APPFLT;App Filter Plugin;??\C:\WINDOWS\system32\Drivers\APPFLT.SYS R1 DSAFLT;DSA Filter Plugin;??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS R1 FNETMON;NetMon Filter Plugin;??\C:\WINDOWS\system32\Drivers\fnetmon.SYS R1 IDSFLT;Ids Filter Plugin;??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS R1 NETFLTDI;Panda Net Driver [TDI Layer];??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys R1 SMSFLT;SMS Filter Plugin;??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS R1 WNMFLT;Wifi Monitor Filter Plugin;??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys R2 PavProc;Panda Process Protection Driver;??\C:\WINDOWS\system32\DRIVERS\PavProc.sys R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys R3 ComFiltr;Panda Anti-Dialer;??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys R3 PavTPK.sys;PavTPK.sys;??\C:\WINDOWS\system32\PavTPK.sys R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 BTNetFilter;Bluetooth Network Filter;??\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;“C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe” S3 odserv;Microsoft Office Diagnostics Service;“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE” S3 PavSRK.sys;PavSRK.sys;??\C:\WINDOWS\system32\PavSRK.sys S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b21028b-eea6-11db-8752-4d6564696130}] AutoRun\command- I:\SETUP.EXE configure\command- I:\SETUP.EXE install\command- I:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7be1f246-fb5b-11db-8762-4d6564696130}] AutoRun\command- K:\launcher.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-05 13:15:21 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] “C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.406\Diskeeper Professional Edition 9.0.524 (espa\x144ol-spanish).by bukito.www.elitexeem.com\setup.exe”="Professional Edition for Windows® " “C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX01.578\Diskeeper Professional Edition 9.0.524 (espa\x144ol-spanish).by bukito.www.elitexeem.com\Parche espa\x144ol Dk Pro 9.0.524.exe”=“Parche espa\xf1ol Dk Pro 9.0.524” scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-05 13:16:29 C:\ComboFix-quarantined-files.txt … 2007-08-05 13:16 C:\ComboFix2.txt … 2007-08-05 12:11 — E O F —

jessica · 5 Sierpień 2007 12:25

Klucz infekcji na pendrive usunięty - OK.

Nie odpowiedziałeś natomiast na pytanie, czy znasz te “HideTheCake” ?

.

staszek0207 · 5 Sierpień 2007 13:04

nie nieznam ‘‘Hide TheCake’’

jessica · 5 Sierpień 2007 14:36

Jak nie znasz, to usuń:

C:\DOCUME~1\ADMINI~1\DANEAP~1\HideTheCake

C:\Program Files\HideTheCake

.