ningio
(Ningio)
2 June 2007 07:34
#1
My computer keeps restarting, runs incredibly slowly, and my Neostrada connection keeps dropping.
Avast detected the following viruses in these files:
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL
Win32:Spyware-gen. [Trj]
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL
Win32:Adware-gen. [Adw]
C:\System Volume Information_restore{25453327-8EB8-4D36-9881
Win32:Spyware-gen. [Trj]
Logfile of HijackThis v1.99.1
Scan saved at 09:28:39, on 2007-06-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ja\Pulpit\ANTYWIRUSY\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM…\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM…\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM…\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM…\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM…\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM…\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM…\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM…\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
adpawl
(adpawl)
2 June 2007 07:39
#2
ningio, welcome to the forum.
Please give your posts specific titles, read how to ask questions wisely …and always wrap pasted logs in the tags
or
ningio
(Ningio)
2 June 2007 08:13
#3
Sorry for the misunderstanding.
Log from Kaspersky.
Spybot SD detected
Gutek
(Gutek)
2 June 2007 14:53
#4
Remove the HJT entries, post a log from Silent.
Is Windows Messenger malware?? If so, then I'm a princess.
Gutek
(Gutek)
2 June 2007 15:43
#6
Mały Wojtek, listen, princess, one more remark from you and you'll get a prize. I wrote that it's harmful; the HJT entry is to be removed because Messenger has been uninstalled.
ningio
(Ningio)
2 June 2007 17:57
#7
I deleted those entries.
I'll paste logs from the various antivirus programs I have. Maybe they'll be useful.
Silent Runners
Antispyware
Dekard
Deckard’s System Scanner v20070426.43 Run by ja on 2007-06-01 at 00:52:53 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created a Deckard’s System Scanner Restore Point. – Last 5 Restore Point(s) – 6: 2007-05-31 22:53:10 UTC - RP274 - Deckard’s System Scanner Restore Point 5: 2007-05-27 17:06:21 UTC - RP273 - Punkt kontrolny systemu 4: 2007-05-26 12:22:31 UTC - RP272 - Punkt kontrolny systemu 3: 2007-05-23 05:32:05 UTC - RP271 - Software Distribution Service 2.0 2: 2007-05-22 14:42:16 UTC - RP270 - Punkt kontrolny systemu – First Restore Point – 1: 2007-05-20 10:42:34 UTC - RP269 - Punkt kontrolny systemu Backed up registry hives. Performed disk cleanup. – HijackThis (run as ja.exe) -------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 00:56:17, on 2007-06-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe 
C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\Documents and Settings\ja\Pulpit\dss.exe C:\DOCUME~1\ja\Pulpit\ja.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM…\Run: [sSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot O4 - HKLM…\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM…\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM…\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM…\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM…\Run: [FlashGet] “C:\Program Files\FlashGet\FlashGet.exe” /min O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? 
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- HijackThis Fixed Entries (C:\DOCUME~1\ja\Pulpit\backups) -------------------
backup-20070601-005046-796
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 hmonitor - c:\windows\system32\drivers\hmonitor.sys
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys
S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.

-- Files created between 2007-05-01 and 2007-06-01 -----------------------------
2007-06-01 00:38:04 225280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll
2007-05-18 19:40:05 4682 --a------ C:\WINDOWS\system32\npptNT2.sys

-- Find3M Report ---------------------------------------------------------------
2007-06-01 00:44:37 0 d-------- C:\Program Files\BearShare
2007-05-18 19:09:40 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-05-18 11:43:01 0 d-------- C:\Program Files\Windows NT
2007-04-29 12:50:43 0 d-------- C:\Documents and Settings\ja\Dane aplikacji\Image Zone Express
2007-03-25 10:59:51 355830 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 10:59:51 49712 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-21 21:21:44 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-21 21:11:40 1168 --a------ C:\WINDOWS\mozver.dat
2007-03-21 21:07:57 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-21 20:55:38 804 --a------ C:\WINDOWS\unins000.dat

-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{C08DF07A-3E49-4E25-9AB0-D3882835F153} C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
"SSBkgdUpdate"=""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot"
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun"
"FlashGet"=""C:\Program Files\FlashGet\FlashGet.exe" /min"
"ZoneAlarm Client"=""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe""
"RemoteControl"=""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"=""C:\Program Files\Gadu-Gadu\gg.exe" /tray"

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ja^Menu Start^Programy^Autostart^CD-MENU.LNK]
"path"="C:\Documents and Settings\ja\Menu Start\Programy\Autostart\CD-MENU.LNK"
"backup"="C:\WINDOWS\pss\CD-MENU.LNKStartup"
"location"="Startup"
"command"="E:\MENU.exe "
"item"="CD-MENU"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="adiras"
"hkey"="HKLM"
"command"="adiras.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="autoclk"
"hkey"="HKLM"
"command"="autoclk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{97f72800-2a0a-11db-bf6c-806d6172696f}]
Shell\AutoRun\command D:\instaluj.exe /VERYSILENT

-- End of Deckard's System Scanner: finished at 2007-06-01 at 00:58:08 ---------

Gutek
(Gutek)
2 June 2007 18:08
#8