system
(system)
12 March 2007 22:50
#1
Hi,
My antivirus detects some worms and trojans, e.g. Adware Generic.SFR, Lop.AX etc. I deleted everything that seemed related to them and they still show up; strange windows pop up in the browser reporting some virus and some attacks from some IP address located in Warsaw.
There are also some IP addresses in the log. How do I get rid of this thing? It's getting on my nerves and I'm about to format :(((
Logfile of HijackThis v1.99.1
Scan saved at 23:29:09, on 2007-03-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\igfxext.exe
C:\DOCUME~1\STANLE~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgwa.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\stanley&gocha\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM…\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip…{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O17 - HKLM\System\CS1\Services\Tcpip…{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
adam9870
(adam9870)
12 March 2007 23:01
#2
You can cut that HJT entry.
Use Windows Worms Doors Cleaner and switch the markers from disable to enable (all markers should be green; if any of them is yellow, leave it alone). A restart is required after using the tool.
Additionally, paste logs from SilentRunners and ComboScan.
system
(system)
12 March 2007 23:28
#3
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LManager" = "C:\PROGRA~1\LAUNCH~1\LManager.exe" ["Dritek System Inc."]
"igfxtray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\System32\igfxpers.exe" ["Intel Corporation"]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Broadcom Wireless Manager UI" = "C:\WINDOWS\System32\WLTRAY.exe" ["Broadcom Corporation"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM…CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM…CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{5754FC2A-7AFB-4FC7-886A-9FD8FC071106}\(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\sstqr.dll" [null data]
{B07CB267-5E6F-441F-9B3C-324EFE70F897}\(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\byxxuvt.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM…CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM…CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM…CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM…CLSID} = "AVG7 Find Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM…CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM…CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B07CB267-5E6F-441F-9B3C-324EFE70F897}" = "*]" (unwritable string)
  -> {HKLM…CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\byxxuvt.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> byxxuvt\DLLName = "byxxuvt.dll" [null data]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> sstqr\DLLName = "C:\WINDOWS\System32\sstqr.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM…CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM…CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\stanley&gocha\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\stanley&gocha\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM…CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Broadcom Wireless LAN Tray Service, wltrysvc, "C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe" [null data]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 284 seconds, including 68 seconds for message boxes)
Post merged: 13.03.2007 (Tue) 0:34
ComboScan v20070306.20 run by stanley&gocha on 2007-03-13 at 00:32:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --
10: 2007-03-12 23:32:07 UTC - RP107 - ComboScan Restore Point
9: 2007-03-10 23:04:21 UTC - RP106 - Punkt kontrolny systemu
8: 2007-03-03 09:14:48 UTC - RP105 - Punkt kontrolny systemu
7: 2007-02-26 19:29:12 UTC - RP104 - Punkt kontrolny systemu
6: 2007-02-24 20:01:02 UTC - RP103 - Punkt kontrolny systemu

-- First Restore Point --
1: 2007-02-17 21:29:42 UTC - RP98 - Punkt kontrolny systemu

Performed disk cleanup.


-- HijackThis (run as stanley&gocha.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 00:32:14, on 2007-03-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\igfxext.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\DOCUME~1\STANLE~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\stanley&gocha\Pulpit\comboscan.exe
C:\DOCUME~1\STANLE~1\Pulpit\stanley&gocha.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {5754FC2A-7AFB-4FC7-886A-9FD8FC071106} - C:\WINDOWS\System32\sstqr.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\System32\byxxuvt.dll
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM…\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip…{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O17 - HKLM\System\CS1\Services\Tcpip…{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxxuvt - C:\WINDOWS\SYSTEM32\byxxuvt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: sstqr - C:\WINDOWS\System32\sstqr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


-- HijackThis Fixed Entries (C:\DOCUME~1\STANLE~1\Pulpit\backups) -------------

backup-20070312-224840-532 O4 - HKLM…\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\kwwpmjwn.dll",setvm
backup-20070312-230709-373 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20070313-000723-614 O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys
3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys
3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgClean (AVG Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
3R bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
3S Bridge (Mostek MAC) - C:\WINDOWS\system32\drivers\bridge.sys
3S BridgeMP (Miniport mostka MAC) - C:\WINDOWS\system32\drivers\bridge.sys
3S btaudio (Urządzenie dźwiękowe Bluetooth) - C:\WINDOWS\System32\drivers\btaudio.sys (not found)
3S BTDriver (Sterownik do komunikacji wirtualnej Bluetooth) - C:\WINDOWS\System32\DRIVERS\btport.sys (not found)
3S BTKRNL (Licznik magistrali Bluetooth) - C:\WINDOWS\System32\DRIVERS\btkrnl.sys (not found)
3S BTWDNDIS (Serwer dostępu do sieci LAN Bluetooth) - C:\WINDOWS\System32\DRIVERS\btwdndis.sys (not found)
3R Cam5603D (Acer OrbiCam) - C:\WINDOWS\system32\drivers\BisonCam.sys
3S CCDECODE (Dekoder napisów) - C:\WINDOWS\system32\drivers\ccdecode.sys
3R DKbFltr (Dritek Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
3R EMSCR - C:\WINDOWS\system32\drivers\EMS7SK.sys
3R ESDCR - C:\WINDOWS\system32\drivers\ESD7SK.sys
3R ESMCR - C:\WINDOWS\system32\drivers\ESM7SK.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (Koder-dekoder NABTS/FEC VBI) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Połączenie TV/wideo firmy Microsoft) - C:\WINDOWS\system32\drivers\ndisip.sys
3S NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\nsndis5.sys
1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys
0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys
0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
4S s24trans (Transport WLAN) - C:\WINDOWS\System32\DRIVERS\s24trans.sys (not found)
0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Interfejs zarządzania Microsoft Windows dla ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
3S WSTCODEC (Kodery-dekodery teletekstu w standardzie światowym) - C:\WINDOWS\system32\drivers\wstcodec.sys
0R xmasbus - C:\WINDOWS\system32\drivers\xmasbus.sys
0R xmasscsi - C:\WINDOWS\system32\drivers\xmasscsi.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
2R AVGFwSrv (AVG Firewall) - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wltrysvc (Broadcom Wireless LAN Tray Service) - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
2R WmdmPmSp (Numer seryjny nośnika przenośnego) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-02-13 and 2007-03-13 -----------------------------

2007-03-13 00:00:15 0 d-------- C:\!KillBox
2007-03-12 21:46:39 5606 --a------ C:\WINDOWS\System32\stci.dll
2007-03-12 21:46:36 0 d-------- C:\Program Files\Thomson
2007-03-12 21:42:05 416097 ---hs---- C:\WINDOWS\System32\rqtss.bak1
2007-03-12 21:41:49 282212 ---hs---- C:\WINDOWS\System32\sstqr.dll
2007-03-11 21:02:51 193383 --a------ C:\WINDOWS\System32\gebcy.dll
2007-03-11 20:02:52 220179 --a------ C:\WINDOWS\System32\awvvw.dll
2007-03-11 19:56:40 190179 --a------ C:\WINDOWS\System32\ddayx.dll
2007-03-11 19:43:54 236523 --a------ C:\WINDOWS\System32\ssqrp.dll
2007-03-11 13:47:36 0 d-------- C:\Program Files\RegCleaner
2007-03-08 21:36:10 26685 ---hs---- C:\WINDOWS\System32\pmnlmmk.dll
2007-03-08 21:34:45 26685 ---hs---- C:\WINDOWS\System32\urqrrpp.dll
2007-03-08 21:32:52 26685 ---hs---- C:\WINDOWS\System32\byxxuvt.dll
2007-03-07 21:02:48 53600 --a------ C:\WINDOWS\System32\drivers\alcan5wn.sys
2007-03-07 21:02:34 5280 -ra------ C:\WINDOWS\System32\drivers\alcawh.sys
2007-03-07 21:02:34 70688 -ra------ C:\WINDOWS\System32\drivers\alcaudsl.sys
2007-03-07 21:02:34 3968 -ra------ C:\WINDOWS\System32\drivers\alcacr.sys
2007-03-02 19:16:18 0 d-------- C:\Program Files\Deutsch Translator 2
2007-02-22 18:20:41 0 d-------- C:\Program Files\IPSPI
2007-02-21 18:13:06 0 d-------- C:\Program Files\CyberLink
2007-02-21 17:13:29 125184 -----n--- C:\WINDOWS\System32\drivers\imagesrv.sys
2007-02-21 17:13:29 5504 -----n--- C:\WINDOWS\System32\drivers\imagedrv.sys
2007-02-21 17:13:14 106496 --a------ C:\WINDOWS\System32\TwnLib20.dll
2007-02-21 17:13:14 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe
2007-02-21 17:13:14 471040 -----n--- C:\WINDOWS\System32\ImagXRA7.dll
2007-02-21 17:13:14 262144 -----n--- C:\WINDOWS\System32\ImagXR7.dll
2007-02-21 17:13:14 476320 -----n--- C:\WINDOWS\System32\ImagXpr7.dll
2007-02-21 17:13:14 1568768 -----n--- C:\WINDOWS\System32\ImagX7.dll
2007-02-21 17:13:14 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-21 17:13:10 0 d-------- C:\Program Files\Ahead
2007-02-18 13:24:35 0 d-------- C:\Program Files\Network Stumbler
2007-02-17 22:48:39 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-17 22:48:37 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-16 23:04:39 8464 --a------ C:\WINDOWS\System32\sporder.dll
2007-02-16 23:04:39 1429504 --a------ C:\WINDOWS\System32\rlvknlg.exe
2007-02-16 23:00:37 0 d-------- C:\Program Files\Save
2007-02-16 23:00:27 0 dr-h----- C:\$VAULT$.AVG
2007-02-14 23:30:39 0 d-------- C:\Program Files\Advanced IP Scanner


-- Find3M Report ---------------------------------------------------------------

2007-03-13 00:17:34 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Skype
2007-03-12 23:10:47 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\AVG7
2007-03-12 22:25:19 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Help
2007-03-12 21:46:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-11 12:40:01 0 d-------- C:\Program Files\English Translator 3
2007-03-08 22:05:45 0 d-------- C:\Program Files\DC++
2007-03-07 21:04:24 356068 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-07 21:04:24 49910 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-05 08:40:09 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Dokumenty AFi
2007-03-04 21:00:41 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\CyberLink
2007-02-20 20:02:20 0 d---s---- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Microsoft
2007-02-18 11:55:31 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Mikrotik
2007-02-11 21:57:29 0 d-------- C:\Program Files\PITy
2007-02-09 20:53:25 0 d-------- C:\Program Files\BitComet
2007-01-29 00:33:10 0 d-------- C:\Program Files\eMule
2007-01-27 20:30:51 0 d-------- C:\Program Files\Winamp
2007-01-25 21:40:22 0 d-------- C:\Program Files\Alcohol Soft
2007-01-24 20:17:04 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Identities
2007-01-24 19:31:44 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Microsoft Web Folders
2007-01-24 19:31:36 0 d-------- C:\Program Files\microsoft frontpage
2007-01-24 00:30:46 110592 --a------ C:\WINDOWS\System32\avgfwafu.dll
2007-01-23 23:54:39 0 d-------- C:\Program Files\Grisoft
2007-01-23 20:18:46 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\GetRightToGo
2007-01-23 19:35:35 0 d-------- C:\Program Files\Launch Manager
2007-01-23 18:54:47 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\AdobeUM
2007-01-23 18:30:00 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Adobe
2007-01-23 00:51:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-23 00:29:45 0 d-------- C:\Program Files\Messenger
2007-01-22 23:05:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-01-21 21:45:00 0 d-------- C:\Program Files\Skype
2007-01-21 21:45:00 0 d-------- C:\Program Files\Common Files\Skype
2007-01-21 21:28:59 0 d-------- C:\Program Files\Gadu-Gadu
2007-01-20 23:06:38 0 d-------- C:\Program Files\Common Files\ODBC
2007-01-20 23:06:35 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-20 23:06:09 62 --ahs---- C:\Documents and Settings\stanley&gocha\Dane aplikacji\desktop.ini
2007-01-20 19:43:19 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Macromedia
2007-01-20 19:31:22 0 d-------- C:\Program Files\Common Files\Logitech
2007-01-20 16:59:56 0 d-------- C:\Program Files\Broadcom
2007-01-20 16:54:36 0 d-------- C:\Program Files\Atheros
2007-01-20 16:51:46 0 d-------- C:\Program Files\Common Files\Acer
2007-01-20 16:49:55 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Intel
2007-01-20 16:48:54 0 d-------- C:\Program Files\Intel
2007-01-20 16:45:50 0 d-------- C:\Program Files\Synaptics
2007-01-20 16:45:44 0 d-------- C:\Program Files\Common Files\InstallShield
2007-01-20 16:45:18 0 d-------- C:\Program Files\CONEXANT
2007-01-20 16:43:54 0 d-------- C:\Program Files\Realtek
2007-01-20 16:21:43 0 -rahs---- C:\MSDOS.SYS
2007-01-20 16:21:43 0 -rahs---- C:\IO.SYS
2007-01-20 16:21:43 0 --a------ C:\CONFIG.SYS
2007-01-20 16:21:43 0 --a------ C:\AUTOEXEC.BAT
2007-01-20 16:20:06 0 d-------- C:\Program Files\Movie Maker
2007-01-20 16:19:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-01-20 16:18:33 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-01-20 16:18:10 0 d-------- C:\Program Files\Usługi online
2007-01-20 16:17:58 0 d-------- C:\Program Files\MSN Gaming Zone
2007-01-20 16:17:55 0 d-------- C:\Program Files\Windows NT
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\UC.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\RAR.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\LHA.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\ARJ.PIF


-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe"
"Gadu-Gadu"=""C:\Program Files\Gadu-Gadu\gg.exe" /tray"
"Skype"=""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe"
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe"
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY.exe"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"SpeedTouch USB Diagnostics"=""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk"
"backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
"path"="C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk"
"backup"="C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="AzMixerSel"
"hkey"="HKLM"
"command"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hkcmd” “hkey”=“HKLM” “command”=“C:\WINDOWS\System32\hkcmd.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“dumprep 0 -k” “hkey”=“HKLM” “command”=”%systemroot%\system32\dumprep 0 -k" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Language” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“C:\Program Files\Winamp\winampa.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{B07CB267-5E6F-441F-9B3C-324EFE70F897}”="" [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” “AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe 
/RUNONCE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” “AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE” HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxuvt HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-03-13 at 00:32:31 ------------------------
Post merged: 13.03.2007 (Tue) 1:03
Is there anything else that can be done here, or is everything OK???
adam9870
(adam9870)
13 March 2007 14:16
#4
Download Gmer.
The next steps are done in Gmer, so start it, wait a moment, then click the >>> tab to open the remaining tabs.
Use VundoFix + FixVundo + VirtumundoBeGone. All of these tools must be run in Safe Mode.
Remove the HJT entries, if any remain.
When done, paste a log from Comboscan, a Silent Runners log, and the contents of c:\vundofix.txt
system
(system)
14 March 2007 21:16
#5
THANKS mate for the help, I hope everything is OK now
this is black magic to me
ComboScan v20070306.20 run by stanley&gocha on 2007-03-14 at 22:08:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as stanley&gocha.exe) ---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:08:31, on 2007-03-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\igfxext.exe
C:\DOCUME~1\STANLE~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\stanley&gocha\Pulpit\comboscan.exe
C:\DOCUME~1\STANLE~1\Pulpit\stanley&gocha.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\yrtwimem.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

-- Files created between 2007-02-14 and 2007-03-14 -----------------------------
2007-03-14 21:34:15 602 --a------ C:\WINDOWS\gmer.reg
2007-03-14 00:55:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-03-14 00:42:35 123412 --a------ C:\WINDOWS\System32\yrtwimem.dll
2007-03-14 00:41:46 0 d-a------ C:\Program Files\VSAdd-in
2007-03-14 00:41:45 88340 --a------ C:\WINDOWS\System32\ikjshqlj.exe
2007-03-13 00:47:24 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-13 00:47:24 90112 --a------ C:\WINDOWS\System32\RegDACL.exe
2007-03-13 00:47:24 4096 --a------ C:\WINDOWS\System32\reboot.exe
2007-03-13 00:47:24 53248 --a------ C:\WINDOWS\System32\process.exe
2007-03-13 00:47:24 38400 --a------ C:\WINDOWS\System32\moveex.exe
2007-03-13 00:47:24 8234 --a------ C:\clean.bat
2007-03-13 00:00:15 0 d-------- C:\!KillBox
2007-03-12 21:46:39 5606 --a------ C:\WINDOWS\System32\stci.dll
2007-03-12 21:46:36 0 d-------- C:\Program Files\Thomson
2007-03-11 19:56:40 190179 --a------ C:\WINDOWS\System32\ddayx.dll
2007-03-11 13:47:36 0 d-------- C:\Program Files\RegCleaner
2007-03-08 21:34:45 26685 ---hs---- C:\WINDOWS\System32\urqrrpp.dll
2007-03-07 21:02:48 53600 --a------ C:\WINDOWS\System32\drivers\alcan5wn.sys
2007-03-07 21:02:34 5280 -ra------ C:\WINDOWS\System32\drivers\alcawh.sys
2007-03-07 21:02:34 70688 -ra------ C:\WINDOWS\System32\drivers\alcaudsl.sys
2007-03-07 21:02:34 3968 -ra------ C:\WINDOWS\System32\drivers\alcacr.sys
2007-03-02 19:16:18 0 d-------- C:\Program Files\Deutsch Translator 2
2007-02-22 18:20:41 0 d-------- C:\Program Files\IPSPI
2007-02-21 18:13:06 0 d-------- C:\Program Files\CyberLink
2007-02-21 17:13:29 125184 -----n--- C:\WINDOWS\System32\drivers\imagesrv.sys
2007-02-21 17:13:29 5504 -----n--- C:\WINDOWS\System32\drivers\imagedrv.sys
2007-02-21 17:13:14 106496 --a------ C:\WINDOWS\System32\TwnLib20.dll
2007-02-21 17:13:14 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe
2007-02-21 17:13:14 471040 -----n--- C:\WINDOWS\System32\ImagXRA7.dll
2007-02-21 17:13:14 262144 -----n--- C:\WINDOWS\System32\ImagXR7.dll
2007-02-21 17:13:14 476320 -----n--- C:\WINDOWS\System32\ImagXpr7.dll
2007-02-21 17:13:14 1568768 -----n--- C:\WINDOWS\System32\ImagX7.dll
2007-02-21 17:13:14 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-21 17:13:10 0 d-------- C:\Program Files\Ahead
2007-02-18 13:24:35 0 d-------- C:\Program Files\Network Stumbler
2007-02-17 22:48:37 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-16 23:04:39 8464 --a------ C:\WINDOWS\System32\sporder.dll
2007-02-16 23:00:27 0 dr-h----- C:\$VAULT$.AVG
2007-02-14 23:30:39 0 d-------- C:\Program Files\Advanced IP Scanner

-- Find3M Report ---------------------------------------------------------------
2007-03-14 22:08:33 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Skype
2007-03-14 20:50:34 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\AVG7
2007-03-14 00:41:55 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\SearchToolbarCorp
2007-03-12 22:25:19 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Help
2007-03-12 21:46:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-11 12:40:01 0 d-------- C:\Program Files\English Translator 3
2007-03-08 22:05:45 0 d-------- C:\Program Files\DC++
2007-03-07 21:04:24 356068 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-07 21:04:24 49910 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-05 08:40:09 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Dokumenty AFi
2007-03-04 21:00:41 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\CyberLink
2007-02-20 20:02:20 0 d---s---- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Microsoft
2007-02-18 11:55:31 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Mikrotik
2007-02-11 21:57:29 0 d-------- C:\Program Files\PITy
2007-02-09 20:53:25 0 d-------- C:\Program Files\BitComet
2007-01-29 00:33:10 0 d-------- C:\Program Files\eMule
2007-01-27 20:30:51 0 d-------- C:\Program Files\Winamp
2007-01-25 21:40:22 0 d-------- C:\Program Files\Alcohol Soft
2007-01-24 20:17:04 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Identities
2007-01-24 19:31:44 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Microsoft Web Folders
2007-01-24 19:31:36 0 d-------- C:\Program Files\microsoft frontpage
2007-01-24 00:30:46 110592 --a------ C:\WINDOWS\System32\avgfwafu.dll
2007-01-23 23:54:39 0 d-------- C:\Program Files\Grisoft
2007-01-23 20:18:46 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\GetRightToGo
2007-01-23 19:35:35 0 d-------- C:\Program Files\Launch Manager
2007-01-23 18:54:47 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\AdobeUM
2007-01-23 18:30:00 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Adobe
2007-01-23 00:51:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-23 00:29:45 0 d-------- C:\Program Files\Messenger
2007-01-22 23:05:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-01-21 21:45:00 0 d-------- C:\Program Files\Skype
2007-01-21 21:45:00 0 d-------- C:\Program Files\Common Files\Skype
2007-01-21 21:28:59 0 d-------- C:\Program Files\Gadu-Gadu
2007-01-20 23:06:38 0 d-------- C:\Program Files\Common Files\ODBC
2007-01-20 23:06:35 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-20 23:06:09 62 --ahs---- C:\Documents and Settings\stanley&gocha\Dane aplikacji\desktop.ini
2007-01-20 19:43:19 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Macromedia
2007-01-20 19:31:22 0 d-------- C:\Program Files\Common Files\Logitech
2007-01-20 16:59:56 0 d-------- C:\Program Files\Broadcom
2007-01-20 16:54:36 0 d-------- C:\Program Files\Atheros
2007-01-20 16:51:46 0 d-------- C:\Program Files\Common Files\Acer
2007-01-20 16:49:55 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Intel
2007-01-20 16:48:54 0 d-------- C:\Program Files\Intel
2007-01-20 16:45:50 0 d-------- C:\Program Files\Synaptics
2007-01-20 16:45:44 0 d-------- C:\Program Files\Common Files\InstallShield
2007-01-20 16:45:18 0 d-------- C:\Program Files\CONEXANT
2007-01-20 16:43:54 0 d-------- C:\Program Files\Realtek
2007-01-20 16:21:43 0 -rahs---- C:\MSDOS.SYS
2007-01-20 16:21:43 0 -rahs---- C:\IO.SYS
2007-01-20 16:21:43 0 --a------ C:\CONFIG.SYS
2007-01-20 16:21:43 0 --a------ C:\AUTOEXEC.BAT
2007-01-20 16:20:06 0 d-------- C:\Program Files\Movie Maker
2007-01-20 16:19:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-01-20 16:18:33 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-01-20 16:18:10 0 d-------- C:\Program Files\Usługi online
2007-01-20 16:17:58 0 d-------- C:\Program Files\MSN Gaming Zone
2007-01-20 16:17:55 0 d-------- C:\Program Files\Windows NT
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\UC.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\RAR.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\LHA.PIF
2007-01-01 06:56:00 545 --a------ C:\WINDOWS\ARJ.PIF

-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe"
"Gadu-Gadu"=""C:\Program Files\Gadu-Gadu\gg.exe" /tray"
"Skype"=""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe"
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe"
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY.exe"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"SpeedTouch USB Diagnostics"=""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon"
"2chkdsk"="rundll32.exe "C:\WINDOWS\System32\yrtwimem.dll",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk"
"backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
"path"="C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk"
"backup"="C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="AzMixerSel"
"hkey"="HKLM"
"command"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\WINDOWS\System32\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\system32\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Language"
"hkey"="HKLM"
"command"=""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"=""C:\Program Files\Messenger\msmsgs.exe" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"=""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\Program Files\Winamp\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of ComboScan: finished at 2007-03-14 at 22:08:43 ------------------------
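Added example (not from this thread, and not part of HijackThis, ComboScan, Gmer or VundoFix): the indicators adam9870 picks out of the two Comboscan logs above are mechanical enough to script. The 13 March dump lists two Winlogon Notify packages with random names (byxxuvt, sstqr); the 14 March log shows a Run value ([2chkdsk]) loading C:\WINDOWS\System32\yrtwimem.dll through rundll32, a BHO with no name plus a toolbar sharing the same VSAdd-in.dll, an O17 NameServer override, and freshly created random-name files in System32 (yrtwimem.dll, ikjshqlj.exe, ddayx.dll, and urqrrpp.dll with hidden+system attributes). The Python below applies those same checks to log text. The sample lines are constructed after the thread's entries (the byxxuvt.dll path and the Winlogon Notify allowlist are assumptions), and the name-randomness test is a heuristic that can hit legitimate vendor files, so every hit is a review item, not a verdict.

```python
"""Triage of HijackThis / ComboScan-style log text for Vundo-era persistence.

Added example written for this thread; it is not part of HijackThis, ComboScan,
Gmer or VundoFix. Every hit means "look at this", not "this is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

# Assumption: Winlogon Notify packages found on a stock Windows XP install, plus
# the Intel graphics package (igfxcui) that the thread's own logs show.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
}

# Constructed sample modelled on entries in this thread. The byxxuvt.dll path is
# an assumption: the ComboScan dump only lists the Notify key, not its DLL.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\yrtwimem.dll",setvm
O17 - HKLM\System\CCS\Services\Tcpip\..\{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: byxxuvt - C:\WINDOWS\system32\byxxuvt.dll
2007-03-14 00:42:35 123412 --a------ C:\WINDOWS\System32\yrtwimem.dll
2007-03-14 00:41:45 88340 --a------ C:\WINDOWS\System32\ikjshqlj.exe
2007-03-13 00:47:24 90112 --a------ C:\WINDOWS\System32\RegDACL.exe
2007-03-08 21:34:45 26685 ---hs---- C:\WINDOWS\System32\urqrrpp.dll
2007-02-21 17:13:14 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe
"""
SCAN_DATE = date(2007, 3, 14)  # date of the constructed sample scan


@dataclass(frozen=True)
class Finding:
    kind: str      # bho | toolbar | run | notify | dns | file
    subject: str   # module path, Run value name, Notify package or DNS servers
    reason: str


def looks_random(filename: str) -> bool:
    """Cheap heuristic for dropper names such as yrtwimem.dll, byxxuvt.dll or
    urqrrpp.dll: an all-lowercase alphabetic stem of 5..8 letters with at most a
    quarter vowels. Vendor files can trip it; use it to rank, not to convict."""
    stem = filename.rsplit(".", 1)[0]
    if not (stem.isalpha() and stem.islower() and 5 <= len(stem) <= 8):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) <= 0.25


_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
_O3 = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# ComboScan "Files created" / Find3M line: date time size attrs path
_FILE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-\w]{9}) (?P<path>.+)$")
_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)


def triage(log_text: str, scan_date: date, recent_days: int = 7) -> list[Finding]:
    """Walk the log once and return review items in log order."""
    findings: list[Finding] = []
    flagged_modules: set[str] = set()  # DLLs already tied to a flagged entry

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O2.match(line):
            if m["name"].lower() == "(no name)":
                flagged_modules.add(m["path"].lower())
                findings.append(Finding("bho", m["path"], "BHO registered without a display name"))
        elif m := _O3.match(line):
            if m["path"].lower() in flagged_modules:
                findings.append(Finding("toolbar", m["path"], "toolbar shares its DLL with a flagged BHO"))
        elif m := _O4.match(line):
            dll = _RUNDLL.search(m["cmd"])
            if dll and "\\system32\\" in dll.group(1).lower():
                findings.append(Finding("run", m["value"], f"Run value loads {dll.group(1)} through rundll32"))
        elif m := _O17.match(line):
            findings.append(Finding("dns", m["servers"], "NameServer override; confirm these belong to the ISP"))
        elif m := _O20.match(line):
            if m["name"].lower() not in KNOWN_NOTIFY:
                findings.append(Finding("notify", m["name"], "Winlogon Notify package not in the allowlist"))
        elif m := _FILE.match(line):
            attrs, path = m["attrs"], m["path"]
            if attrs.startswith("d"):
                continue  # directory entry
            name = path.rsplit("\\", 1)[-1]
            age = (scan_date - date.fromisoformat(m["date"])).days
            if not (0 <= age <= recent_days and "\\system32\\" in path.lower()
                    and name.lower().endswith((".dll", ".exe"))):
                continue
            reasons = []
            if "h" in attrs or "s" in attrs:
                reasons.append("hidden/system attribute")
            if looks_random(name):
                reasons.append("random-looking name")
            if reasons:
                findings.append(Finding("file", path, f"new in System32 ({age}d old): " + ", ".join(reasons)))
    return findings


def run_sample() -> list[Finding]:
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.kind:7}] {f.subject}  --  {f.reason}")
```

Run as-is it prints eight review items from the sample (the unnamed BHO and its toolbar, the 2chkdsk Run value, the NameServer pair, byxxuvt, and the three recent System32 files); for a real log, call triage() on the file contents with the scan date from the ComboScan header. The O17 servers are reported only so that they get checked against the ISP's; the script cannot tell whether 83.238.255.76 and 213.241.79.37 are legitimate.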
adam9870
(adam9870)
14 March 2007 21:27
#6
The next steps are done in Gmer, so start it, wait a moment, then click the >>> tab to open the remaining tabs.
Remove the HJT entries.
When done, post a new log from Comboscan and SilentRunners.
system
(system)
20 March 2007 15:55
#7
I don't know whether I managed to do everything correctly, but you've definitely helped me a lot, because the computer isn't sluggish any more and the threat warnings no longer pop up
If you could check the log once more I'd be very grateful
ComboScan v20070306.20 run by stanley&gocha on 2007-03-20 at 16:37:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as stanley&gocha.exe) ---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:37:59, on 2007-03-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\igfxext.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\STANLE~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\ins\comboscan.exe
C:\DOCUME~1\STANLE~1\Pulpit\STANLE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{46E335F6-B0D0-4723-BB7A-0AE06CCBEF6B}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

-- Files created between 2007-02-20 and 2007-03-20 -----------------------------
2007-03-20 16:27:57 459058 --a------ C:\WINDOWS\Mario.exe
2007-03-20 15:39:43 116472 -----n--- C:\WINDOWS\System32\pxcpyi64.exe
2007-03-20 15:39:32 0 d-------- C:\Program Files\DivX
2007-03-20 15:23:00 0 d-------- C:\Program Files\AVIcodec
2007-03-19 19:12:37 0 d-------- C:\Program Files\Grupa33
2007-03-15 08:29:39 0 d-------- C:\Program Files\QuickTime
2007-03-15 08:29:24 0 d-------- C:\Program Files\Apple Software Update
2007-03-14 21:34:15 121 --a------ C:\WINDOWS\gmer.reg
2007-03-14 00:55:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-03-13 00:47:24 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-13 00:47:24 90112 --a------ C:\WINDOWS\System32\RegDACL.exe
2007-03-13 00:47:24 4096 --a------ C:\WINDOWS\System32\reboot.exe
2007-03-13 00:47:24 53248 --a------ C:\WINDOWS\System32\process.exe
2007-03-13 00:47:24 38400 --a------ C:\WINDOWS\System32\moveex.exe
2007-03-13 00:47:24 8234 --a------ C:\clean.bat
2007-03-13 00:00:15 0 d-------- C:\!KillBox
2007-03-12 21:46:39 5606 --a------ C:\WINDOWS\System32\stci.dll
2007-03-12 21:46:36 0 d-------- C:\Program Files\Thomson
2007-03-11 13:47:36 0 d-------- C:\Program Files\RegCleaner
2007-03-07 21:02:48 53600 --a------ C:\WINDOWS\System32\drivers\alcan5wn.sys
2007-03-07 21:02:34 5280 -ra------ C:\WINDOWS\System32\drivers\alcawh.sys
2007-03-07 21:02:34 70688 -ra------ C:\WINDOWS\System32\drivers\alcaudsl.sys
2007-03-07 21:02:34 3968 -ra------ C:\WINDOWS\System32\drivers\alcacr.sys
2007-03-02 19:16:18 0 d-------- C:\Program Files\Deutsch Translator 2
2007-02-23 05:29:58 524288 --a------ C:\WINDOWS\System32\DivXsm.exe
2007-02-23 05:29:56 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2007-02-23 05:29:49 200704 --a------ C:\WINDOWS\System32\ssldivx.dll
2007-02-23 05:29:49 1044480 --a------ C:\WINDOWS\System32\libdivx.dll
2007-02-23 05:25:24 196608 --a------ C:\WINDOWS\System32\dtu100.dll
2007-02-23 05:25:24 73728 --a------ C:\WINDOWS\System32\dpl100.dll
2007-02-23 05:25:23 53248 --a------ C:\WINDOWS\System32\dpuGUI10.dll
2007-02-23 05:25:22 57344 --a------ C:\WINDOWS\System32\dpv11.dll
2007-02-23 05:25:22 344064 --a------ C:\WINDOWS\System32\dpus11.dll
2007-02-23 05:25:22 593920 --a------ C:\WINDOWS\System32\dpuGUI11.dll
2007-02-23 05:25:22 294912 --a------ C:\WINDOWS\System32\dpu11.dll
2007-02-23 05:25:22 294912 --a------ C:\WINDOWS\System32\dpu10.dll
2007-02-23 05:25:19 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll
2007-02-23 05:25:19 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll
2007-02-23 05:25:19 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll
2007-02-23 05:25:19 639066 --a------ C:\WINDOWS\System32\DivX.dll
2007-02-22 18:20:41 0 d-------- C:\Program Files\IPSPI
2007-02-21 18:13: 06 0 d-------- C:\Program Files\CyberLink
2007-02-21 17:13:29 125184 -----n--- C:\WINDOWS\System32\drivers\imagesrv.sys
2007-02-21 17:13:29 5504 -----n--- C:\WINDOWS\System32\drivers\imagedrv.sys
2007-02-21 17:13:14 106496 --a------ C:\WINDOWS\System32\TwnLib20.dll
2007-02-21 17:13:14 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe
2007-02-21 17:13:14 471040 -----n--- C:\WINDOWS\System32\ImagXRA7.dll
2007-02-21 17:13:14 262144 -----n--- C:\WINDOWS\System32\ImagXR7.dll
2007-02-21 17:13:14 476320 -----n--- C:\WINDOWS\System32\ImagXpr7.dll
2007-02-21 17:13:14 1568768 -----n--- C:\WINDOWS\System32\ImagX7.dll
2007-02-21 17:13:14 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-21 17:13:10 0 d-------- C:\Program Files\Ahead

-- Find3M Report ---------------------------------------------------------------
2007-03-20 16:14:21 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\WinRAR
2007-03-20 15:56:50 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Skype
2007-03-20 15:37:34 0 d-------- C:\Program Files\DC++
2007-03-20 15:23:48 0 d-------- C:\Program Files\BitComet
2007-03-20 12:41:12 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\AVG7
2007-03-15 08:33:49 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Apple Computer
2007-03-12 22:25:19 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Help
2007-03-12 21:46:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-11 12:40:01 0 d-------- C:\Program Files\English Translator 3
2007-03-07 21:04:24 356068 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-07 21:04:24 49910 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-05 08:40:09 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Dokumenty AFi
2007-03-04 21:00:41 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\CyberLink
2007-02-23 05:29:52 118520 -----n--- C:\WINDOWS\System32\pxinsi64.exe
2007-02-20 20:02:20 0 d---s---- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Microsoft
2007-02-18 13:24:36 0 d-------- C:\Program Files\Network Stumbler
2007-02-18 11:55:31 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Mikrotik
2007-02-16 23:04:39 8464 --a------ C:\WINDOWS\System32\sporder.dll
2007-02-16 02:40:35 124472 --a------ C:\WINDOWS\System32\DivXCodecUpdateChecker.exe
2007-02-14 23:30:39 0 d-------- C:\Program Files\Advanced IP Scanner
2007-02-11 21:57:29 0 d-------- C:\Program Files\PITy
2007-01-29 00:33:10 0 d-------- C:\Program Files\eMule
2007-01-27 20:30:51 0 d-------- C:\Program Files\Winamp
2007-01-25 21:40:22 0 d-------- C:\Program Files\Alcohol Soft
2007-01-24 20:17:04 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Identities
2007-01-24 19:31:44 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Microsoft Web Folders
2007-01-24 19:31:36 0 d-------- C:\Program Files\microsoft frontpage
2007-01-24 00:30:46 110592 --a------ C:\WINDOWS\System32\avgfwafu.dll
2007-01-23 23:54:39 0 d-------- C:\Program Files\Grisoft
2007-01-23 20:18:46 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\GetRightToGo
2007-01-23 19:35:35 0 d-------- C:\Program Files\Launch Manager
2007-01-23 18:54:47 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\AdobeUM
2007-01-23 18:30:00 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Adobe
2007-01-23 00:51:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-23 00:29:45 0 d-------- C:\Program Files\Messenger
2007-01-22 23:05:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-01-21 21:45:00 0 d-------- C:\Program Files\Skype
2007-01-21 21:45:00 0 d-------- C:\Program Files\Common Files\Skype
2007-01-21 21:28:59 0 d-------- C:\Program Files\Gadu-Gadu
2007-01-20 23:06:38 0 d-------- C:\Program Files\Common Files\ODBC
2007-01-20 23:06:35 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-20 23:06:09 62 --ahs---- C:\Documents and Settings\stanley&gocha\Dane aplikacji\desktop.ini
2007-01-20 19:43:19 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Macromedia
2007-01-20 19:31:22 0 d-------- C:\Program Files\Common Files\Logitech
2007-01-20 16:59:56 0 d-------- C:\Program Files\Broadcom
2007-01-20 16:54:36 0 d-------- C:\Program Files\Atheros
2007-01-20 16:51:46 0 d-------- C:\Program Files\Common Files\Acer
2007-01-20 16:49:55 0 d-------- C:\Documents and Settings\stanley&gocha\Dane aplikacji\Intel
2007-01-20 16:48:54 0 d-------- C:\Program Files\Intel
2007-01-20 16:45:50 0 d-------- C:\Program Files\Synaptics
2007-01-20 16:45:44 0 d-------- C:\Program Files\Common Files\InstallShield
2007-01-20 16:45:18 0 d-------- C:\Program Files\CONEXANT
2007-01-20
16:43:54 0 d-------- C:\Program Files\Realtek 2007-01-20 16:21:43 0 -rahs---- C:\MSDOS.SYS 2007-01-20 16:21:43 0 -rahs---- C:\IO.SYS 2007-01-20 16:21:43 0 --a------ C:\CONFIG.SYS 2007-01-20 16:21:43 0 --a------ C:\AUTOEXEC.BAT 2007-01-20 16:20:06 0 d-------- C:\Program Files\Movie Maker 2007-01-20 16:19:27 0 d-------- C:\Program Files\Common Files\MSSoap 2007-01-20 16:18:33 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat 2007-01-20 16:18:10 0 d-------- C:\Program Files\Usługi online 2007-01-20 16:17:58 0 d-------- C:\Program Files\MSN Gaming Zone 2007-01-20 16:17:55 0 d-------- C:\Program Files\Windows NT 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\UC.PIF 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\RAR.PIF 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\LHA.PIF 2007-01-01 06:56:00 545 --a------ C:\WINDOWS\ARJ.PIF – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” “igfxtray”=“C:\WINDOWS\System32\igfxtray.exe” “igfxpers”=“C:\WINDOWS\System32\igfxpers.exe” “SkyTel”=“SkyTel.EXE” “RTHDCPL”=“RTHDCPL.EXE” “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” “Broadcom Wireless Manager UI”=“C:\WINDOWS\System32\WLTRAY.exe” “AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" 
“RemoteControl”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“AzMixerSel” “hkey”=“HKLM” “command”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hkcmd” “hkey”=“HKLM” 
“command”=“C:\WINDOWS\System32\hkcmd.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“dumprep 0 -k” “hkey”=“HKLM” “command”=”%systemroot%\system32\dumprep 0 -k" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Language” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“C:\Program Files\Winamp\winampa.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{B07CB267-5E6F-441F-9B3C-324EFE70F897}”="" [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” “AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” 
“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-03-20 at 16:38:14 ------------------------
Post merged: 20.03.2007 (Tue) 17:07
I think something is still sitting in there???
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LManager" = "C:\PROGRA~1\LAUNCH~1\LManager.exe" ["Dritek System Inc."]
"igfxtray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\System32\igfxpers.exe" ["Intel Corporation"]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Broadcom Wireless Manager UI" = "C:\WINDOWS\System32\WLTRAY.exe" ["Broadcom Corporation"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\stanley&gocha\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\stanley&gocha\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Broadcom Wireless LAN Tray Service, wltrysvc, "C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe" [null data]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 68 seconds.
---------- (total run time: 417 seconds)
system
(system)
21 March 2007 20:31
#9
Cool, once again thanks a lot for the help
regards, bart