Dawno nie sprzatany system

xjasiux · 3 Styczeń 2007 18:27

witam:)

i prosze o pomoc moj komputer bardzo ale to bardzo wolno dziala i nie potrafie sobie dac z tym rady:( powoli otwiera sie sytem, powoli chodza strony poprostu mega wolno wszystko dziala!

Logfile of HijackThis v1.99.1 Scan saved at 19:14:25, on 2007-01-02 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\SiteAdvisor\4979\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\AOL\1151295529\ee\AOLSoftware.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe C:\Program Files\SiteAdvisor\4979\SiteAdv.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\America Online 9.0b\waol.exe C:\Program Files\Common Files\AOL\1151295529\ee\SSCEvtHdlr.exe c:\program files\common files\aol\1151295529\ee\AOLOpenRide.exe C:\Program Files\Common Files\AOL\1151295529\ee\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\America Online 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\1151295529\ee\aolsoftware.exe c:\program files\common files\aol\1151295529\ee\anotify.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll R3 - URLSearchHook: (no name) - {EB662989-B91E-8B27-D8CE-9FDB3077D71B} - C:\WINDOWS\kwxlouhc.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll O2 - BHO: (no name) - {1ADCCDC4-80E6-F846-B938-9B998551654D} - C:\WINDOWS\kwxlouhc.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Search - {F5F0274E-2739-0B7F-6B6C-BA25E4A0746C} - C:\WINDOWS\kwxlouhc.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll O3 - Toolbar: SearchHelper - {B6A5B638-6025-4C2C-A899-867B416453D2} - C:\Program Files\SearchHelper\SearchHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O4 - HKLM…\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\AOL\1151295529\ee\AOLSoftware.exe O4 - HKLM…\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM…\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM…\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM…\Run: [sscRun] C:\Program Files\Common Files\AOL\1151295529\ee\SSCRun.exe O4 - HKLM…\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM…\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM…\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM…\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe O4 - HKLM…\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O4 - HKLM…\Run: [PhilipsDM] “C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe” O4 - HKLM…\Run: [PCODelayModule] “C:\PROGRA~1\AOL\PCOPTI~1\Delay.exe” O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM…\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe O4 - HKLM…\Run: [intelliPoint] “C:\Program Files\Microsoft IntelliPoint\point32.exe” O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\4979\SiteAdv.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - HKCU…\Run: [PC Registry Cleaner] C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\PROGRAM FILES\MESSENGER\msmsgs.exe” /background O4 - HKCU…\Run: [AOL Fast Start] “C:\Program Files\America Online 9.0b\AOL.EXE” -b O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager… - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share … insctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1819639529 O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/ser … /gwCID.CAB O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share … cgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip…{8048BB1A-4A4C-422E-8CCF-1C2F97037646}: NameServer = 217.173.193.3,217.173.193.11 O17 - HKLM\System\CCS\Services\Tcpip…{8232F403-3C49-40A5-A3C6-A2C35C3D06C9}: NameServer = 217.173.193.3,217.173.193.11 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: pushow19.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“My Current Home Page” !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”=“pushow19.dll” Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" pe386-msguard-lzx32 ; Scanning wininet.dll infection Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [file not found] “PC Registry Cleaner” = “C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe” [file not found] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe” [“Google Inc.”] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\PROGRAM FILES\MESSENGER\msmsgs.exe” /background” [MS] “AOL Fast Start” = ““C:\Program Files\America Online 9.0b\AOL.EXE” -b” [“America Online, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AOLDialer” = “C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” [“AOL LLC”] “HostManager” = “C:\Program Files\Common Files\AOL\1151295529\ee\AOLSoftware.exe” [“America Online, Inc.”] “_AntiSpyware” = “C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe” [“Network Associates, Inc.”] “MPFExe” = “C:\Program Files\mcafee.com\personal firewall\MPfTray.exe” [“McAfee Security”] “URLLSTCK.exe” = “C:\Program Files\Norton Internet Security\UrlLstCk.exe” [file not found] “SSC_UserPrompt” = “C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe” [file not found] “sscRun” = “C:\Program Files\Common Files\AOL\1151295529\ee\SSCRun.exe” [“AOL LLC”] “Recguard” = “%WINDIR%\SMINST\RECGUARD.EXE” [empty string] “OASClnt” = “C:\Program Files\mcafee.com\antivirus\oasclnt.exe” [“McAfee, Inc.”] “EmailScan” = “C:\Program Files\mcafee.com\antivirus\mcvsescn.exe” [“McAfee, Inc.”] “AOL Spyware Protection” = “C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe” [file not found] “SpywareBot” = “C:\Program Files\SpywareBot\SpywareBot.exe -boot” [file not found] “PhilipsDM” = ““C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe”” [“Koninklijke Philips Electronics N.V.”] “PCODelayModule” = ““C:\PROGRA~1\AOL\PCOPTI~1\Delay.exe”” [file not found] “BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [file not found] “MCUpdateExe” = “c:\PROGRA~1\mcafee.com\agent\mcupdate.exe” [“McAfee, Inc”] “MCAgentExe” = “C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe” [“McAfee, Inc”] “IntelliPoint” = ““C:\Program Files\Microsoft IntelliPoint\point32.exe”” [MS] “iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] “HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “AOLSPScheduler” = “C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe” [“AOL LLC”] “SiteAdvisor” = “C:\Program Files\SiteAdvisor\4979\SiteAdv.exe” [“McAfee, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) - {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\SiteAdvisor\4979\SiteAdv.dll” [“McAfee, Inc.”] {1ADCCDC4-80E6-F846-B938-9B998551654D}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\kwxlouhc.dll” [null data] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search Destroy\SDHelper.dll” [“Safer Networking Limited”] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}(Default) = “AOL Toolbar Launcher” - {HKLM…CLSID} = “AOL Toolbar Launcher” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) - {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” - {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” - {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” - {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” - {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{F2A0229A-C4CA-4789-B606-973D24DCDD1C}” = “McAfee AntiSpyware Shell Extension” - {HKLM…CLSID} = “McAfee AntiSpyware Shell Extension” \InProcServer32(Default) = “C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll” [“Network Associates, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” - {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” - {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{20082881-FC36-4E47-9A7A-644C95FF749F}” = “IntelliPoint Wireless Control Panel Property Page” - {HKLM…CLSID} = “Wireless Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll”” [MS] “{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}” = “IntelliPoint Wheel Control Panel Property Page” - {HKLM…CLSID} = “Wheel Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll”” [MS] “{653DCCC2-13DB-45B2-A389-427885776CFE}” = “IntelliPoint Activities Control Panel Property Page” - {HKLM…CLSID} = “Activities Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplact.dll”” [MS] “{124597D8-850A-41AE-849C-017A4FA99CA2}” = “IntelliPoint Buttons Control Panel Property Page” - {HKLM…CLSID} = “Buttons Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll”” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ “{F2A0229A-C4CA-4789-B606-973D24DCDD1C}” = “McAfee AntiSpyware Shell Extension” - {HKLM…CLSID} = “McAfee AntiSpyware Shell Extension” \InProcServer32(Default) = “C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll” [“Network Associates, Inc.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ “AppInit_DLLs” = “pushow19.dll” [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”] HKLM\Software\Classes\PROTOCOLS\Filter\ text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” - {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “RegWinBackUp” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoDrives” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\sstext3d.scr” [MS] Startup items in “Owner” “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\Owner\Start Menu\Programs\Startup “AOL OpenRide” - shortcut to: “C:\Program Files\Common Files\AOL\Launch\aollaunch.exe /d suiteid=frontier_1.23.16.1 /d locale=en-US ee://aol/frontierApp /preload” [“America Online, Inc.”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” - launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] “McAfee AntiSpyware” - launches: “C:\PROGRA~1\McAfee\MCAFEE~1\McSpy.exe /cmd:Scan” [“Network Associates, Inc.”] “Symantec NetDetect” - launches: “C:\Program Files\Symantec\LiveUpdate\NDetect.exe” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{DE9C389F-3316-41A7-809B-AA305ED9D922}” - {HKLM…CLSID} = “AOL Toolbar” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{F5F0274E-2739-0B7F-6B6C-BA25E4A0746C}” = (no title provided) - {HKLM…CLSID} = “Search” \InProcServer32(Default) = “C:\WINDOWS\kwxlouhc.dll” [null data] “{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor” - {HKLM…CLSID} = “McAfee SiteAdvisor” \InProcServer32(Default) = “C:\Program Files\SiteAdvisor\4979\SiteAdv.dll” [“McAfee, Inc.”] “{B6A5B638-6025-4C2C-A899-867B416453D2}” = “SearchHelper” - {HKLM…CLSID} = “SearchHelper” \InProcServer32(Default) = “C:\Program Files\SearchHelper\SearchHelper.dll” [null data] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{DE9C389F-3316-41A7-809B-AA305ED9D922}” = “AOL Toolbar” - {HKLM…CLSID} = “AOL Toolbar” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}(Default) = (no title provided) - {HKLM…CLSID} = “Real.com” \InProcServer32(Default) = “C:\WINDOWS\system32\Shdocvw.dll” [MS] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “Research” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}” - {HKLM…CLSID} = “Java Plug-in 1.5.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll” [“Sun Microsystems, Inc.”] {3369AF0D-62E9-4BDA-8103-B4C75499B578}\ “ButtonText” = “AOL Toolbar” “CLSIDExtension” = “{DE9C389F-3316-41A7-809B-AA305ED9D922}” - {HKLM…CLSID} = “AOL Toolbar” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ “ButtonText” = “Real.com” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ “{EA756889-2338-43DB-8F07-D1CA6FB9C90D}” = “AOL Search” - {HKLM…CLSID} = “AOLTBSearch Class” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] “{EB662989-B91E-8B27-D8CE-9FDB3077D71B}” = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\kwxlouhc.dll” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AOL Antivirus Update Service, aolavupd, ““C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe”” [“AOL LLC”] AOL Connectivity Service, AOL ACS, ““C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe”” [“AOL LLC”] AOL TopSpeed Monitor, AOL TopSpeedMonitor, “C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe” [“America Online, Inc”] CA Pest Patrol Realtime Protection Service, ITMRTSVC, ““C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe”” [“CA, Inc.”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] McAfee AntiSpyware Real-Time Scanner, McAfeeAntiSpyware, “C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe” [“Network Associates, Inc.”] McAfee McShield, McShield, “C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe” [“McAfee Inc.”] McAfee Personal Firewall Service, MpfService, ““C:\Program Files\mcafee.com\personal firewall\MPFService.exe”” [“McAfee Corporation”] McAfee Task Scheduler, McTskshd.exe, “c:\PROGRA~1\mcafee.com\agent\mctskshd.exe” [“McAfee, Inc”] McAfee WSC Integration, McDetect.exe, “c:\program files\mcafee.com\agent\mcdetect.exe” [“McAfee, Inc”] PrismXL, PrismXL, “C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS” [“New Boundary Technologies, Inc.”] SiteAdvisor Service, SiteAdvisor Service, “C:\Program Files\SiteAdvisor\4979\SAService.exe” [“McAfee, Inc.”] WAN Miniport (ATW) Service, WANMiniportService, ““C:\WINDOWS\wanmpsvc.exe”” [“America Online, Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- : Suspicious data at a malware launch point. : Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 101 seconds. ---------- (total run time: 165 seconds)

Bieniol · 3 Styczeń 2007 18:43

Użyj narzędzia -> Rustock.b-fix

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowe logi

xjasiux · 3 Styczeń 2007 20:38

Logfile of HijackThis v1.99.1 Scan saved at 21:24:27, on 2007-01-02 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\AOL\1151295529\ee\AOLSoftware.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe C:\Program Files\SiteAdvisor\4979\SiteAdv.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AOL\1151295529\ee\SSCEvtHdlr.exe C:\Program Files\America Online 9.0b\waol.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\AOL\1151295529\ee\aolsoftware.exe c:\program files\common files\aol\1151295529\ee\AOLOpenRide.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\SiteAdvisor\4979\SAService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\AOL\1151295529\ee\aolsoftware.exe C:\Program Files\America Online 9.0b\shellmon.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O4 - HKLM…\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\AOL\1151295529\ee\AOLSoftware.exe O4 - HKLM…\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM…\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM…\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM…\Run: [sscRun] C:\Program Files\Common Files\AOL\1151295529\ee\SSCRun.exe O4 - HKLM…\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM…\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM…\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM…\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe O4 - HKLM…\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O4 - HKLM…\Run: [PhilipsDM] “C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe” O4 - HKLM…\Run: [PCODelayModule] “C:\PROGRA~1\AOL\PCOPTI~1\Delay.exe” O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM…\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe O4 - HKLM…\Run: [intelliPoint] “C:\Program Files\Microsoft IntelliPoint\point32.exe” O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\4979\SiteAdv.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - HKCU…\Run: [PC Registry Cleaner] C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\PROGRAM FILES\MESSENGER\msmsgs.exe” /background O4 - HKCU…\Run: [AOL Fast Start] “C:\Program Files\America Online 9.0b\AOL.EXE” -b O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager… - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share … insctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1819639529 O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/ser … /gwCID.CAB O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share … cgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip…{8048BB1A-4A4C-422E-8CCF-1C2F97037646}: NameServer = 217.173.193.3,217.173.193.11 O17 - HKLM\System\CCS\Services\Tcpip…{8232F403-3C49-40A5-A3C6-A2C35C3D06C9}: NameServer = 217.173.193.3,217.173.193.11 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [file not found] “PC Registry Cleaner” = “C:\Program Files\PC Registry Cleaner\PC Registry Cleaner.exe” [file not found] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe” [“Google Inc.”] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\PROGRAM FILES\MESSENGER\msmsgs.exe” /background” [MS] “AOL Fast Start” = ““C:\Program Files\America Online 9.0b\AOL.EXE” -b” [“America Online, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AOLDialer” = “C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” [“AOL LLC”] “HostManager” = “C:\Program Files\Common Files\AOL\1151295529\ee\AOLSoftware.exe” [“America Online, Inc.”] “_AntiSpyware” = “C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe” [“Network Associates, Inc.”] “MPFExe” = “C:\Program Files\mcafee.com\personal firewall\MPfTray.exe” [“McAfee Security”] “URLLSTCK.exe” = “C:\Program Files\Norton Internet Security\UrlLstCk.exe” [file not found] “SSC_UserPrompt” = “C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe” [file not found] “sscRun” = “C:\Program Files\Common Files\AOL\1151295529\ee\SSCRun.exe” [“AOL LLC”] “Recguard” = “%WINDIR%\SMINST\RECGUARD.EXE” [empty string] “OASClnt” = “C:\Program Files\mcafee.com\antivirus\oasclnt.exe” [“McAfee, Inc.”] “EmailScan” = “C:\Program Files\mcafee.com\antivirus\mcvsescn.exe” [“McAfee, Inc.”] “AOL Spyware Protection” = “C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe” [file not found] “SpywareBot” = “C:\Program Files\SpywareBot\SpywareBot.exe -boot” [file not found] “PhilipsDM” = ““C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe”” [“Koninklijke Philips Electronics N.V.”] “PCODelayModule” = ““C:\PROGRA~1\AOL\PCOPTI~1\Delay.exe”” [file not found] “BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [file not found] “MCUpdateExe” = “C:\PROGRA~1\mcafee.com\agent\mcupdate.exe” [“McAfee, Inc”] “MCAgentExe” = “C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe” [“McAfee, Inc”] “IntelliPoint” = ““C:\Program Files\Microsoft IntelliPoint\point32.exe”” [MS] “iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] “HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “AOLSPScheduler” = “C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe” [“AOL LLC”] “SiteAdvisor” = “C:\Program Files\SiteAdvisor\4979\SiteAdv.exe” [“McAfee, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\SiteAdvisor\4979\SiteAdv.dll” [“McAfee, Inc.”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}(Default) = “AOL Toolbar Launcher” -> {HKLM…CLSID} = “AOL Toolbar Launcher” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{F2A0229A-C4CA-4789-B606-973D24DCDD1C}” = “McAfee AntiSpyware Shell Extension” -> {HKLM…CLSID} = “McAfee AntiSpyware Shell Extension” \InProcServer32(Default) = “C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll” [“Network Associates, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{20082881-FC36-4E47-9A7A-644C95FF749F}” = “IntelliPoint Wireless Control Panel Property Page” -> {HKLM…CLSID} = “Wireless Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll”” [MS] “{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}” = “IntelliPoint Wheel Control Panel Property Page” -> {HKLM…CLSID} = “Wheel Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll”” [MS] “{653DCCC2-13DB-45B2-A389-427885776CFE}” = “IntelliPoint Activities Control Panel Property Page” -> {HKLM…CLSID} = “Activities Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplact.dll”” [MS] “{124597D8-850A-41AE-849C-017A4FA99CA2}” = “IntelliPoint Buttons Control Panel Property Page” -> {HKLM…CLSID} = “Buttons Property Page” \InProcServer32(Default) = ““C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll”” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{F2A0229A-C4CA-4789-B606-973D24DCDD1C}” = “McAfee AntiSpyware Shell Extension” -> {HKLM…CLSID} = “McAfee AntiSpyware Shell Extension” \InProcServer32(Default) = “C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll” [“Network Associates, Inc.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “RegWinBackUp” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoDrives” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\sstext3d.scr” [MS] Startup items in “Owner” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\Owner\Start Menu\Programs\Startup “AOL OpenRide” -> shortcut to: “C:\Program Files\Common Files\AOL\Launch\aollaunch.exe /d suiteid=frontier_1.23.16.1 /d locale=en-US ee://aol/frontierApp /preload” [“America Online, Inc.”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] “McAfee AntiSpyware” -> launches: “C:\PROGRA~1\McAfee\MCAFEE~1\McSpy.exe /cmd:Scan” [“Network Associates, Inc.”] “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDetect.exe” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{DE9C389F-3316-41A7-809B-AA305ED9D922}” -> {HKLM…CLSID} = “AOL Toolbar” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor” -> {HKLM…CLSID} = “McAfee SiteAdvisor” \InProcServer32(Default) = “C:\Program Files\SiteAdvisor\4979\SiteAdv.dll” [“McAfee, Inc.”] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{DE9C389F-3316-41A7-809B-AA305ED9D922}” = “AOL Toolbar” -> {HKLM…CLSID} = “AOL Toolbar” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}(Default) = (no title provided) -> {HKLM…CLSID} = “Real.com” \InProcServer32(Default) = “C:\WINDOWS\system32\Shdocvw.dll” [MS] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Research” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll” [“Sun Microsystems, Inc.”] {3369AF0D-62E9-4BDA-8103-B4C75499B578}\ “ButtonText” = “AOL Toolbar” “CLSIDExtension” = “{DE9C389F-3316-41A7-809B-AA305ED9D922}” -> {HKLM…CLSID} = “AOL Toolbar” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ “ButtonText” = “Real.com” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{EA756889-2338-43DB-8F07-D1CA6FB9C90D}” = “AOL Search” -> {HKLM…CLSID} = “AOLTBSearch Class” \InProcServer32(Default) = “C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll” [“AOL LLC”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AOL Antivirus Update Service, aolavupd, ““C:\Program Files\Common Files\AOL\1151295529\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe”” [“AOL LLC”] AOL Connectivity Service, AOL ACS, ““C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe”” [“AOL LLC”] AOL TopSpeed Monitor, AOL TopSpeedMonitor, “C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe” [“America Online, Inc”] CA Pest Patrol Realtime Protection Service, ITMRTSVC, ““C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe”” [“CA, Inc.”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] McAfee AntiSpyware Real-Time Scanner, McAfeeAntiSpyware, “C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe” [“Network Associates, Inc.”] McAfee McShield, McShield, “C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe” [“McAfee Inc.”] McAfee Personal Firewall Service, MpfService, ““C:\Program Files\mcafee.com\personal firewall\MPFService.exe”” [“McAfee Corporation”] McAfee Task Scheduler, McTskshd.exe, “c:\PROGRA~1\mcafee.com\agent\mctskshd.exe” [“McAfee, Inc”] McAfee WSC Integration, McDetect.exe, “c:\program files\mcafee.com\agent\mcdetect.exe” [“McAfee, Inc”] PrismXL, PrismXL, “C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS” [“New Boundary Technologies, Inc.”] SiteAdvisor Service, SiteAdvisor Service, “C:\Program Files\SiteAdvisor\4979\SAService.exe” [“McAfee, Inc.”] WAN Miniport (ATW) Service, WANMiniportService, ““C:\WINDOWS\wanmpsvc.exe”” [“America Online, Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 304 seconds. ---------- (total run time: 384 seconds)

SmitFraudFix v2.132 Scan done at 21:34:38,43, 2007-01-02 Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode C:\ C:\WINDOWS C:\WINDOWS\system C:\WINDOWS\Web C:\WINDOWS\system32 C:\WINDOWS\system32\LogFiles C:\Documents and Settings\Owner C:\Documents and Settings\Owner\Application Data Start Menu C:\DOCUME~1\Owner\FAVORI~1 Desktop C:\Program Files Corrupted keys Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“My Current Home Page” Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”="" Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" pe386-msguard-lzx32 Scanning wininet.dll infection End

adam9870 · 3 Styczeń 2007 20:52

Czy użyłeś Rustock.b-fix. ?? Jeśli tak to wklej raport.

A SmitFraudFix użyj z opcji numer 2 w trybie awaryjnym.

Możesz przeczyścić rejestr ponieważ masz wiele pustych kluczy opis

xjasiux · 3 Styczeń 2007 20:55

uzylismy tego ale nic sie nie dzieje:(

adam9870 · 3 Styczeń 2007 20:57

Użyj SmitFraudFix ale tym razem z opcji numer 2 w trybie awaryjnym.

Potem wklej raport z niego ( c:\rapport.txt ) oraz raport z Rustock.b-fix

xjasiux · 3 Styczeń 2007 21:10

SmitFraudFix v2.132 Scan done at 22:04:20,23, 2007-01-02 Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End znalazlem tylko takiego loga ************************* Rustock.b-fix – By ejvindh ************************* 2007-01-02 22:08:27,04 No Rustock.b-rootkits found ******************************* End of Logfile ******************************** Rustock.b-ADS attached to the System32-folder: No streams found. Looking for Rustock.b-files in the System32-folder: No Rustock.b-files found in system32 ******************* Post-run Status of system ******************* Rustock.b-driver on the system: NONE! Rustock.b-ADS attached to the System32-folder: No System32-ADS found. Looking for Rustock.b-files in the System32-folder: No Rustock.b-files found in system32 ******************************* End of Logfile ********************************

adam9870 · 3 Styczeń 2007 21:24

Czysto.

Możesz zajrzeć: XP - Optymalizacja, odchudzanie dla trochę bardziej zaawansowanych. Lub Optymalizacja i odchudzanie Windowsa XP dla trochę mniej zaawansowanych.

xjasiux · 3 Styczeń 2007 21:25

dziekuje slicznie:)