Witam, jestem zupełnym laikiem w temacie - będę wdzięczna za pomoc. Mój komp świruje od jakiegoś czasu, sytem zawiesza się w nieoczekiwanych momentach. Word w ogóle nie działa. AVG wykrył u mnie cztery pliki zainfekowane trojanem VB.aqt. Jak go usunąć?
tresa , proszę zapoznaj się z tą stroną oraz tym tematem, a następnie popraw tytuł tematu, używając przycisku
Plik zainfekował dwa dyski - C:\System Volume Information, E:\System Volume Information i E:\Recycled\ctfmon.exe,
dla pewności dałabyś logi z Hijack This , ComboFix i Sillent Runners to zobczymy co tam siedzi :-o
w takim razie muszę jeszcze zapytać co to są logi?
Zainstalowałam HijackThis. To log z przeskanowania sytemu. AVG poddał pliki kwarantannie, czy to ma wpływ na wygląd poniższego?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:23, on 2008-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM…\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM…\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM…\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM…\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM…\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c … hcImpl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
–
End of file - 13294 bytes
Dziękuje Sguall
Poniżej log z Silent Runners:
“Silent Runners.vbs”, revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“Zinio DLM” = “C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart” [file not found]
“MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [file not found]
“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“AGRSMMSG” = “AGRSMMSG.exe” [“Agere Systems”]
“SoundMAXPnP” = “C:\Program Files\Analog Devices\Core\smax4pnp.exe” [“Analog Devices, Inc.”]
“SoundMAX” = “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray” [“Analog Devices, Inc.”]
“PTHOSTTR” = “C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start” [“Hewlett-Packard Development Company, L.P.”]
“HP Software Update” = “C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”]
“DLA” = “C:\WINDOWS\System32\DLA\DLACTRLW.EXE” [“Sonic Solutions”]
“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]
“igfxtray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]
“igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]
“igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”]
“hpWirelessAssistant” = “C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [“Hewlett-Packard Development Company, L.P.”]
“ccApp” = ““c:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”]
“CognizanceTS” = “rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule” [MS]
“QlbCtrl” = “C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start”
“Cpqset” = “C:\Program Files\HPQ\Default Settings\cpqset.exe” [null data]
“Recguard” = “C:\WINDOWS\Sminst\Recguard.exe” [empty string]
“Reminder” = “C:\WINDOWS\Creator\Remind_XP.exe” [empty string]
“Scheduler” = “C:\WINDOWS\SMINST\Scheduler.exe” [empty string]
“WatchDog” = “C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [“InterVideo Inc.”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“DAEMON Tools-1033” = ““C:\Program Files\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”]
“ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” [“InstallShield Software Corporation”]
“ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”]
“(Default)” = (empty string) [file not found]
“StatusClient” = “C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto” [“Hewlett-Packard”]
“TomcatStartup” = “C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe” [“Hewlett-Packard”]
“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]
“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe” [“France Télécom R&D”]
“iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]
{5CA3D70E-1895-11CF-8E15-001234567890}(Default) = “*_” (unwritable string)
-> {HKLM…CLSID} = “DriveLetterAccess”
\InProcServer32(Default) = “C:\WINDOWS\System32\DLA\DLASHX_W.DLL” [“Sonic Solutions”]
{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)
-> {HKLM…CLSID} = “Windows Live Sign-in Helper”
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(Default) = “NAV Helper”
-> {HKLM…CLSID} = “CNavExtBho Class”
\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”
\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}(Default) = “HP Credential Manager for ProtectTools”
-> {HKLM…CLSID} = “HP Credential Manager for ProtectTools”
\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll” [“Infineon Technologies AG”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{5CA3D70E-1895-11CF-8E15-001234567890}” = “DriveLetterAccess”
-> {HKLM…CLSID} = “DriveLetterAccess”
\InProcServer32(Default) = “C:\WINDOWS\System32\DLA\DLASHX_W.DLL” [“Sonic Solutions”]
“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{666C7831-A9B6-4AB4-94ED-DC238C81E925}” = “Document Manager (Context Menu)”
-> {HKLM…CLSID} = “Document Manager (Shell Context Menu)”
\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]
“{666C7832-A9B6-4AB4-94ED-DC238C81E925}” = “Document Manager (File Properties)”
-> {HKLM…CLSID} = “Document Manager (Shell File Properties)”
\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]
“{666C7835-A9B6-4AB4-94ED-DC238C81E925}” = “Document Manager (Drive Properties)”
-> {HKLM…CLSID} = “Document Manager (Shell Drive Properties)”
\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]
“{7F67036B-66F1-411A-AD85-759FB9C5B0DB}” = “SampleView”
-> {HKLM…CLSID} = “SampleView”
\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]
“{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places”
-> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth”
\InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{6DEA92E9-8682-4b6a-97DE-354772FE5727}” = “Autodesk DWF Preview”
-> {HKLM…CLSID} = “ACDWFTHMBPRXY”
\InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll” [“Autodesk”]
“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”
-> {HKLM…CLSID} = “iTunes”
\InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5”
-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]
<> OneCard\DLLName = “C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll” [“Cognizance Corporation”]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\
AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”
-> {HKLM…CLSID} = “CContextScan Object”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”]
Document Manager(Default) = “{666C7831-A9B6-4AB4-94ED-DC238C81E925}”
-> {HKLM…CLSID} = “Document Manager (Shell Context Menu)”
\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]
Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”
-> {HKLM…CLSID} = “IEContextMenu Class”
\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”
-> {HKLM…CLSID} = “CContextScan Object”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”]
Document Manager(Default) = “{666C7831-A9B6-4AB4-94ED-DC238C81E925}”
-> {HKLM…CLSID} = “Document Manager (Shell Context Menu)”
\InProcServer32(Default) = “C:\Program Files\HPQ\IAM\Bin\SFSShell.dll” [“Cognizance Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”
-> {HKLM…CLSID} = “IEContextMenu Class”
\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {policy setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools” = (REG_DWORD) dword:0x00000000
{Prevent access to registry editing tools}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssstars.scr” [MS]
DESKTOP.INI DLL launch in local fixed drive directories:
C:\Program Files\WIDCOMM\Bluetooth Software\Moje miejsca interfejsu Bluetooth\DESKTOP.INI
[.ShellClassInfo]
CLSID={6af09ec9-b429-11d4-a1fb-0090960218cb}
-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”]
E:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]
E:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]
E:\i386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]
E:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ShellvRTF.dll” [“XSS”]
Startup items in “admin” & “All Users” startup folders:
C:\Documents and Settings\admin\Menu Start\Programy\Autostart
“Picture Motion Browser Media Check Tool” -> shortcut to: “C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe /nobaloononstart” [“Sony Corporation”]
“Rejestrowanie produktów Corela” -> shortcut to: “C:\Program Files\Corel\Graphics9\Register\Remind32.exe” [“IntelliQuest Communications, Inc.”]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]
“BTTray” -> shortcut to: “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe” [“Broadcom Corporation.”]
“DVD Check” -> shortcut to: “C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [“InterVideo Inc.”]
Enabled Scheduled Tasks:
“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]
“Norton AntiVirus - Uruchom pełne skanowanie systemu - admin” -> launches: “c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{C4069E3A-68F1-403E-B40E-20066696354B}”
-> {HKLM…CLSID} = “Norton AntiVirus”
\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
“{C4069E3A-68F1-403E-B40E-20066696354B}” = “Norton AntiVirus”
-> {HKLM…CLSID} = “Norton AntiVirus”
\InProcServer32(Default) = “c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)
-> {HKLM…CLSID} = “Search Class”
\InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
Autodesk Licensing Service, Autodesk Licensing Service, ““C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe”” [“Autodesk”]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”]
Bluetooth Service, btwdins, “C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe” [“Broadcom Corporation.”]
France Telecom Routing Table Service, FTRTSVC, “C:\WINDOWS\System32\FTRTSVC.exe” [“France Telecom”]
Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ““C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”]
hpqwmiex, hpqwmiex, “C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe” [“Hewlett-Packard Development Company, L.P.”]
iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”]
LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]
Local Communication Channel, ASChannel, “C:\WINDOWS\System32\svchost.exe -k Cognizance” {“C:\Program Files\HPQ\IAM\Bin\ASChnl.dll” [“Cognizance Corporation”]}
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
RaySat_3dsmax8 Server, mi-raysat_3dsmax8, ““C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe”” [null data]
Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”]
Symantec Event Manager, ccEvtMgr, ““c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”]
Symantec Network Drivers Service, SNDSrvc, ““c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”]
Symantec Network Proxy, ccProxy, ““c:\Program Files\Common Files\Symantec Shared\ccProxy.exe”” [“Symantec Corporation”]
Symantec Settings Manager, ccSetMgr, ““c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”]
Usługa Norton Protection Center, NSCService, “C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE” [“Symantec Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = “HPBMMON.DLL” [“Hewlett-Packard”]
HP Mobile Printing Monitor\Driver = “HPMPMW.DLL” [“Hewlett-Packard”]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
Port drukarki interfejsu Bluetooth\Driver = “bthcrp.dll” [“Broadcom Corporation.”]
---------- (launch time: 2008-01-26 13:51:43)
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 36 seconds.
---------- (total run time: 68 seconds)
Jeszcze Combo Fix…
ComboFix 08-01-23.1C - admin 2008-01-26 14:01:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.595 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QLHV1LJB\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 14:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 13:39 . 2008-01-26 13:39
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:04 --------- d-----w C:\Program Files\neostrada tp
2008-01-25 21:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-13 13:57 --------- d-----w C:\Program Files\eMule
2007-12-17 21:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 09:00 15360]
“Zinio DLM”=“C:\Program Files\Zinio\ZinioDeliveryManager.exe” []
“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” []
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-10-06 13:17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AGRSMMSG”=“AGRSMMSG.exe” [2006-01-30 02:00 88203 C:\WINDOWS\AGRSMMSG.exe]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2005-05-20 09:11 925696]
“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2005-05-06 13:06 716800]
“PTHOSTTR”=“C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe” [2006-02-14 10:56 122880]
“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 22:11 49152]
“DLA”=“C:\WINDOWS\System32\DLA\DLACTRLW.EXE” [2005-08-31 04:20 122940]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-11-10 19:04 761945]
“igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-03-23 13:17 94208]
“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 13:13 77824]
“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 13:17 118784]
“hpWirelessAssistant”=“C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [2006-02-14 09:49 454656]
“ccApp”=“c:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-03-01 11:29 52840]
“CognizanceTS”=“C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll” [2003-12-22 19:12 17920]
“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2006-03-02 14:39 131072]
“Cpqset”=“C:\Program Files\HPQ\Default Settings\cpqset.exe” [2006-02-22 07:03 40960]
“Recguard”=“C:\WINDOWS\Sminst\Recguard.exe” [2005-12-20 14:51 1187840]
“Reminder”=“C:\WINDOWS\Creator\Remind_XP.exe” [2006-01-23 15:11 802816]
“Scheduler”=“C:\WINDOWS\SMINST\Scheduler.exe” [2006-02-15 14:43 892928]
“WatchDog”=“C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [2005-11-08 10:59 184320]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-10-25 18:58 282624]
“DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 16:05 81920]
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-07-27 15:50 221184]
“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-07-27 15:50 81920]
“StatusClient”=“C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe” [2002-12-16 15:51 36864]
“TomcatStartup”=“C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe” [2003-03-31 18:28 155648]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49 20480]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55 32768]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2006-10-30 09:36 256576]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-11-21 18:38 35328]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 09:00 15360]
C:\Documents and Settings\admin\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-06-06 20:37:08 344064]
Rejestrowanie produkt˘w Corela.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe [2007-07-16 20:31:58 67584]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 15:16:02 581693]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2006-08-08 11:29:51 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” [2006-08-03 16:40]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
S4 Beeidi;Beeidi;C:\WINDOWS\system32\drivers\arp1394.sys [2004-08-04 09:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{735b6422-edbe-11db-bf3c-001302654fbb}]
\Shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8f149120-458c-11dc-bfd0-0016417d3942}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
.
Contents of the ‘Scheduled Tasks’ folder
“2007-12-14 12:36:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
“2007-12-14 21:48:04 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - admin.job”
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
- co to oznacza?
Próbowałam ostatnio stwrzyć płyty odzyskiwania, komputer podziękował mi przy 6 płycie twierdząc, że moje DVD jest gotowe. Wkładałam płyty CD, wg informacji podanych na poczatku powinno być ich 12. Czy w związku z tym nie mogę przywracać systemu i ustalać punktów przywracania?