once80
(Once)
29 Listopad 2006 16:48
#1
Witam
Mam podobny problem. Dużo połączeń z serwerami smtp. Zastosowałem SmitFraudFix ale to nic nie dało. Blokowanie połączeń za pomocą WWDC też nic nie dało. Wklejam loga z hijackthis:
Logfile of HijackThis v1.99.1 Scan saved at 17:29:32, on 2006-11-29 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\PMJ151LA.BIN C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\services.exe C:\Program Files\Opera\Opera.exe H:\films\instalki\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\adsnwv.dll (file missing) O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SpoofBHO Class - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - C:\WINDOWS\se_spoof.dll (file missing) O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\system32\mscoriezz.dll O2 - BHO: Alive MP3 WAV Converter Toolbar Helper - {C12D2216-6A10-4c7d-A38F-D801D9CF9D03} - C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Alive MP3 WAV Converter Toolbar - {50D31413-8B14-4158-94A5-80BE78E23058} - C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll O4 - HKLM…\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [Onet.pl AutoUpdate] “C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [DrefIW] C:\WINDOWS\System32\SysDrefIWv2.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bandwidth Monitor Pro] “C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe” /minimized O4 - HKCU…\Run: [DrefIW] C:\WINDOWS\System32\SysDrefIWv2.exe O4 - HKCU…\Run: [Winsty] C:\WINDOWS\temp\wincss3216384.exe O4 - HKCU…\Run: [Winstf] C:\WINDOWS\temp\wincss3216384.exe O4 - HKCU…\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O15 - Trusted Zone: http://skaner.mks.com.pl O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{49150395-7157-4FA7-823F-6F6481D44299}: NameServer = 217.30.129.49,217.30.137.200 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
oraz fragment netstat:
Z góry dzieki za pomoc
Gutek
(Gutek)
29 Listopad 2006 17:47
#2
wpisy usuń HJT a pliki ręcznie
Użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1
Daj log z Silenta
Bieniol
(Bbieniol)
29 Listopad 2006 21:22
#4
Otwórz notatnik i wklej w nim to:
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Uruchamiasz narzędzie KillBox , zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:
C:\WINDOWS\temp\wincss323584.exe
Klikasz X i restart kompa
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
Po zabiegach nowe logi
Gutek
(Gutek)
29 Listopad 2006 22:02
#6
once80
(Once)
29 Listopad 2006 23:21
#7
Użyłem ATF
To co znalazł skan AVG usunąłem i dalej to samo.
Wklejam znowu loga HJT:
Logfile of HijackThis v1.99.1 Scan saved at 00:20:36, on 2006-11-30 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\PMJ151LA.BIN C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\services.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Opera\Opera.exe H:\films\instalki\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Alive MP3 WAV Converter Toolbar Helper - {C12D2216-6A10-4c7d-A38F-D801D9CF9D03} - C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Alive MP3 WAV Converter Toolbar - {50D31413-8B14-4158-94A5-80BE78E23058} - C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll O4 - HKLM…\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bandwidth Monitor Pro] “C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe” /minimized O4 - HKCU…\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O15 - Trusted Zone: http://skaner.mks.com.pl O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{49150395-7157-4FA7-823F-6F6481D44299}: NameServer = 217.30.129.49,217.30.137.200 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Powoli trace nadzieje:(
Gutek
(Gutek)
29 Listopad 2006 23:41
#8
Log już jest Ok
Pobierz - http://www.gmer.net/?lang=pl
W gmerze w zakładce rootkit zaznacz tylko usługi i pokaż wszystko oraz kliknij szukaj i wklej na forum
once80
(Once)
1 Grudzień 2006 00:33
#11
Witam
Wczoraj w nocy już nie kumałem za bardzo.
Po skanie AVG jest już OK.
Wielkie dzięki za pomoc i poświęcenie czasu
POZDRAWIAM i jeszcze raz dzieki
once
Złączono Posta : 03.12.2006 (Nie) 19:05
Witam!
Znowu to samo:(
Nie mam pojęcia dlaczego w pewnym momencie tego nie było ale… znowu jest to samo.
Odpaliłem Smitfraudfix, zablokowałem wszystko w WWDC, wyczysciłem ATF cleanerem, AVG chodzi.
Nie wiem czy powtarzać te wszystkie wczesniejsze instrukcje jeszcze raz czy juz został tylko format??
Jakby ktos znalazł chwilke i to przejrzał bylbym wdzięczny.
Wklejam fragment netstata:
HJT:
Logfile of HijackThis v1.99.1 Scan saved at 18:54:27, on 2006-12-03 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\PMJ151LA.BIN C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\services.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\cmd.exe H:\films\instalki\wwdc.exe C:\Program Files\Opera\Opera.exe H:\films\instalki\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll O2 - BHO: Alive MP3 WAV Converter Toolbar Helper - {C12D2216-6A10-4c7d-A38F-D801D9CF9D03} - C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Alive MP3 WAV Converter Toolbar - {50D31413-8B14-4158-94A5-80BE78E23058} - C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll O4 - HKLM…\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bandwidth Monitor Pro] “C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe” /minimized O4 - HKCU…\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O15 - Trusted Zone: http://skaner.mks.com.pl O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{49150395-7157-4FA7-823F-6F6481D44299}: NameServer = 217.30.129.49,217.30.137.200 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Silent runners:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com ”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Bandwidth Monitor Pro” = ““C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe” /minimized” [“Pro2soft”] “WinMedia” = “C:\WINDOWS\temp\wincss323584.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “VGAUtil” = “C:\WINDOWS\System32\G-VGA.exe” [empty string] “AtiPTA” = “atiptaxx.exe” [“ATI Technologies, Inc.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe” [“HP”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {00C6482D-C502-44C8-8409-FCE54AD9C208}(Default) = (no title provided) - {HKLM…CLSID} = “HelperObject Class” \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll” [“TechSmith Corporation”] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}(Default) = (no title provided) - {HKLM…CLSID} = “bho2gr Class” \InProcServer32(Default) = “C:\Program Files\GetRight\xx2gr.dll” [“Headlight Software, Inc.”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search Destroy\SDHelper.dll” [“Safer Networking Limited”] {C12D2216-6A10-4c7d-A38F-D801D9CF9D03}(Default) = (no title provided) - {HKLM…CLSID} = “Alive MP3 WAV Converter Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” - {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{D00900BC-23F7-4FD6-BFA2-8232112C5C49}” = “NRad Extension” - {HKLM…CLSID} = “NRadExt Class” \InProcServer32(Default) = “C:\WINDOWS\System32\NRad.dll” [empty string] “{5380C14E-C0A1-4D66-87DB-5995E6FF4623}” = “Rad Extension” - {HKLM…CLSID} = “RadPropExt Class” \InProcServer32(Default) = “C:\WINDOWS\System32\Rad.dll” [empty string] “{D2FD83AE-994A-4D4B-9097-2C9E11ED85F0}” = “RadClkr Extension” - {HKLM…CLSID} = “RadClkRExt Class” \InProcServer32(Default) = “C:\WINDOWS\System32\RadClkR.dll” [empty string] “{C6844A1E-2C59-415A-84B3-C6A458372779}” = “RadType Extension” - {HKLM…CLSID} = “RadTypeExt Class” \InProcServer32(Default) = “C:\WINDOWS\System32\RadType.dll” [empty string] “{75B8D633-9021-442C-9EA4-FF4BE72CE20F}” = “NRad2 Extension” - {HKLM…CLSID} = “NRadExt2 Class” \InProcServer32(Default) = “C:\WINDOWS\System32\NRad.dll” [empty string] “{36518101-49AC-42CB-8E4C-40C1F328A565}” = “Rad2 Extension” - {HKLM…CLSID} = “RadPropExt2 Class” \InProcServer32(Default) = “C:\WINDOWS\System32\Rad.dll” [empty string] “{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}” = “SnagIt” - {HKLM…CLSID} = “SnagIt” \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll” [“TechSmith Corporation”] “{CF74B903-3389-469c-B3B6-0204D204FCBD}” = “SnagIt Shell Extension” - {HKLM…CLSID} = “SnagItShellExt Class” \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll” [“TechSmith Corporation”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” - {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{6DEA92E9-8682-4b6a-97DE-354772FE5727}” = “Autodesk DWF Preview” - {HKLM…CLSID} = “ACDWFTHMBPRXY” \InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll” [“Autodesk”] “{36A21736-36C2-4C11-8ACB-D4136F2B57BD}” = “AutoCAD Digital Signatures Icon Overlay Handler” - {HKLM…CLSID} = “AcSignIcon” \InProcServer32(Default) = “C:\WINDOWS\System32\AcSignIcon.dll” [“Autodesk”] “{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}” = “Autodesk Drawing Preview” - {HKLM…CLSID} = “ACTHUMBNAIL” \InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll” [“Autodesk”] “{00020000-0000-1011-8004-0000C06B5161}” = “WIBU-SYSTEMS Shell Extension” - {HKLM…CLSID} = “WIBU-SYSTEMS Shell Extension” \InProcServer32(Default) = “C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll” [“WIBU-SYSTEMS AG”] “{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places” - {HKLM…CLSID} = “My Bluetooth Places” \InProcServer32(Default) = “C:\WINDOWS\System32\btneighborhood.dll” [“WIDCOMM, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ “{35B2861B-2B26-4691-9FF0-09083722C736}” = “RadExe Extension” - {HKLM…CLSID} = “RadExeExt Class” \InProcServer32(Default) = “C:\WINDOWS\System32\RadExe.dll” [empty string] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” - {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {00020000-0000-1011-8004-0000C06B5161}(Default) = (no title provided) - {HKLM…CLSID} = “WIBU-SYSTEMS Shell Extension” \InProcServer32(Default) = “C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll” [“WIBU-SYSTEMS AG”] {CC8D2568-3AC5-459F-851F-6F19A89CBCB1}(Default) = “PMF Custom Columns” - {HKLM…CLSID} = “PMFHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\ESRI\esriShellExt.dll” ["ESRI "] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] SnagItMainShellExt(Default) = “{CF74B903-3389-469c-B3B6-0204D204FCBD}” - {HKLM…CLSID} = “SnagItShellExt Class” \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll” [“TechSmith Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] SnagItMainShellExt(Default) = “{CF74B903-3389-469c-B3B6-0204D204FCBD}” - {HKLM…CLSID} = “SnagItShellExt Class” \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll” [“TechSmith Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ FineReader(Default) = “{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}” - {HKLM…CLSID} = “FineReaderExplorerContextMenuHandler” \InProcServer32(Default) = “c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll” [“ABBYY (BIT Software)”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Default executables: -------------------- HKCU\Software\Classes.scr(Default) = “AutoCADScriptFile” HKCU\Software\Classes\AutoCADScriptFile\shell\open\command(Default) = "“C:\WINDOWS\System32\notepad.exe” “%1"” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Monika i Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\ssmypics.scr” [MS] Startup items in “Monika i Tomek” “All Users” startup folders: ---------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “BlueSoleil” - shortcut to: “C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe” [“IVT Corporation”] “BTTray” - shortcut to: “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe” [“WIDCOMM, Inc.”] “EPSON Background Monitor” - shortcut to: “C:\Program Files\EPSON\ESM2\STMS.exe” [“SEIKO EPSON CORPORATION”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{50D31413-8B14-4158-94A5-80BE78E23058}” - {HKLM…CLSID} = “Alive MP3 WAV Converter Toolbar” \InProcServer32(Default) = “C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll” [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{50D31413-8B14-4158-94A5-80BE78E23058}” - {HKLM…CLSID} = “Alive MP3 WAV Converter Toolbar” \InProcServer32(Default) = “C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll” [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}” = (no title provided) - {HKLM…CLSID} = “SnagIt” \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll” [“TechSmith Corporation”] “{50D31413-8B14-4158-94A5-80BE78E23058}” = “Alive MP3 WAV Converter Toolbar” - {HKLM…CLSID} = “Alive MP3 WAV Converter Toolbar” \InProcServer32(Default) = “C:\Program Files\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll” [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” - {HKLM…CLSID} = “Java Plug-in 1.5.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {CCA281CA-C863-46EF-9331-5C8D4460577F}\ “ButtonText” = “@btrez.dll ,-4015” “MenuText” = “@btrez.dll ,-4017” “Script” = “C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data] Bluetooth Service, btwdins, “C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe” [“WIDCOMM, Inc.”] EpsonBidirectionalService, EpsonBidirectionalService, “C:\Program Files\EPSON\ESM2\eEBSVC.exe” [null data] PMJ151 AutoLaunch Service, PMJ151LA, “C:\WINDOWS\PMJ151LA.BIN” [“Matsushita Electric Industrial Co. ,Ltd,”] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ BJC-5100 Language Monitor\Driver = “LMCORE32.DLL” [“Canon Information Systems, Inc.”] Bluetooth Printer Port\Driver = “bthcrp.dll” [“WIDCOMM, Inc.”] EPSON BiD Monitor1\Driver = “EBPMON2.DLL” [“SEIKO EPSON CORPORATION”] EPSON BiD Monitor1(1)\Driver = “EBPMON2.dll” [“SEIKO EPSON CORPORATION”] HP DesignJet ECP Monitor\Driver = “HPLTLM.DLL” [“Hewlett-Packard Corporation, Microsoft Corporation”] hpzsnt07\Driver = “hpzsnt07.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] QPrinter\Driver = “redmonnt.dll” [null data] ---------- : Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 430 seconds, including 6 seconds for message boxes)
Złączono Posta : 03.12.2006 (Nie) 19:09
up