Gibsong
(Gibsong)
8 Maj 2007 21:01
#1
Witam mam stałe łącze, z kablowki ACN. Mój problem jest taki że jak używam torrentów to po jakimś czasie tracę połączenie z netem. Z tego co widzę we właściwościach niema bramy domyślnej. Zmieniłem nawet klienta torentów ale pochodziło cały dzień i wieczorkiem znowu blokuje. Od dostawcy neta żadnych informacji nie dostaje że jestem blokowany przez niego.
Logi z Hijack:
Logfile of HijackThis v1.99.1 Scan saved at 22:48:09, on 2007-05-08 Platform: Windows 2003 (WinNT 5.02.3790) MSIE: Internet Explorer v6.00 (6.00.3790.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\CPUCooL\CooLSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Dfssvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\Program Files\Gadu-Gadu76\gg.exe C:\Documents and Settings\gibsong\Moje dokumenty\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ehurtownia.pl/ehurtownia/eh_ … _login.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tdt.org/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: @msdxmLC.dll ,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM…\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Joan
(Joan Sunshine)
8 Maj 2007 21:06
#2
Obejmij proszę loga w tagi QUOTE lub CODE > użyj przycisku
Daj loga z silentrunners, skan AVG AntySpyware 7.5 po update, wklej raport.
Gibsong
(Gibsong)
9 Maj 2007 07:13
#3
log z silentrunners:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows Server 2003 (interpreted as Windows XP) Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “PeerGuardian” = “C:\Program Files\PeerGuardian2\pg2.exe” [“Methlabs”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Zone Labs Client” = “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [“Zone Labs, LLC”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “vptray” = “C:\PROGRA~1\SYMANT~1\VPTray.exe” [“Symantec Corporation”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {A509B1A7-37EF-4b3f-8CFC-4F3A74704073}(Default) = “%IEHARDENADMIN_BASE_DESC%” \StubPath = “C:\WINDOWS\system32\rundll32.exe iesetup.dll,IEHardenAdmin” [MS] {A509B1A8-37EF-4b3f-8CFC-4F3A74704073}(Default) = “%IEHARDENUSER_DESC%” \StubPath = “C:\WINDOWS\system32\rundll32.exe iesetup.dll,IEHardenUser” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\jccatch.dll” [“Amaze Soft”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{4648F940-EFE3-4BAB-9211-3BE45CD5029D}” = “VSSShellExt” -> {HKLM…CLSID} = “VSSShellExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\vssui.dll” [MS] “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” = “LDVP Shell Extensions” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealOne Player\rpshellext.dll” [“RealNetworks”] “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” = “TrojanHunter Menu Shell Extension” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] “{A426B331-7F6F-4937-9B08-676A10A62F95}” = “Record Image to CD” -> {HKLM…CLSID} = “CDBurnerContextMenuHandler Class” \InProcServer32(Default) = “C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll” [“Alex Feinman”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device” -> {HKLM…CLSID} = “Siemens Device” \InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device ContextMenuHandler” -> {HKLM…CLSID} = “Siemens Device ContextMenuHandler” \InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler” -> {HKLM…CLSID} = “Siemens Device PropertySheetHandler” \InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> NavLogon\DLLName = “C:\WINDOWS\system32\NavLogon.dll” [“Symantec Corporation”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinUHA(Default) = “{095177B8-8097-4D32-9081-A8949C47020E}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\WinUHA\SHELLW~1.DLL” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinUHA(Default) = “{095177B8-8097-4D32-9081-A8949C47020E}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\WinUHA\SHELLW~1.DLL” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ShowSuperHidden” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “disablecad” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\gibsong\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 15 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\fgiebar.dll” [“Amaze Soft”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{014DA6CE-189F-421A-88CD-07CFE51CFF10}(Default) = “My Search Bar Quick View” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll” [“Sun Microsystems, Inc.”] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\PROGRA~1\FlashGet\flashget.exe” [“Amaze Soft”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] CPUCooLServer Service, CPUCooLServer, ““C:\Program Files\CPUCooL\CooLSrv.exe”” [null data] Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, “C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s” [“The Firebird Project”] Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, “C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s” [“The Firebird Project”] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Symantec AntiVirus, Symantec AntiVirus, ““C:\Program Files\Symantec AntiVirus\Rtvscan.exe”” [“Symantec Corporation”] TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 117 seconds. ---------- (total run time: 180 seconds)
Złączono Posta : 09.05.2007 (Sro) 9:14
log z silentrunners:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows Server 2003 (interpreted as Windows XP) Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “PeerGuardian” = “C:\Program Files\PeerGuardian2\pg2.exe” [“Methlabs”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Zone Labs Client” = “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [“Zone Labs, LLC”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “vptray” = “C:\PROGRA~1\SYMANT~1\VPTray.exe” [“Symantec Corporation”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {A509B1A7-37EF-4b3f-8CFC-4F3A74704073}(Default) = “%IEHARDENADMIN_BASE_DESC%” \StubPath = “C:\WINDOWS\system32\rundll32.exe iesetup.dll,IEHardenAdmin” [MS] {A509B1A8-37EF-4b3f-8CFC-4F3A74704073}(Default) = “%IEHARDENUSER_DESC%” \StubPath = “C:\WINDOWS\system32\rundll32.exe iesetup.dll,IEHardenUser” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\jccatch.dll” [“Amaze Soft”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{4648F940-EFE3-4BAB-9211-3BE45CD5029D}” = “VSSShellExt” -> {HKLM…CLSID} = “VSSShellExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\vssui.dll” [MS] “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” = “LDVP Shell Extensions” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealOne Player\rpshellext.dll” [“RealNetworks”] “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” = “TrojanHunter Menu Shell Extension” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] “{A426B331-7F6F-4937-9B08-676A10A62F95}” = “Record Image to CD” -> {HKLM…CLSID} = “CDBurnerContextMenuHandler Class” \InProcServer32(Default) = “C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll” [“Alex Feinman”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device” -> {HKLM…CLSID} = “Siemens Device” \InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device ContextMenuHandler” -> {HKLM…CLSID} = “Siemens Device ContextMenuHandler” \InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler” -> {HKLM…CLSID} = “Siemens Device PropertySheetHandler” \InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> NavLogon\DLLName = “C:\WINDOWS\system32\NavLogon.dll” [“Symantec Corporation”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinUHA(Default) = “{095177B8-8097-4D32-9081-A8949C47020E}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\WinUHA\SHELLW~1.DLL” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” -> {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.2\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinUHA(Default) = “{095177B8-8097-4D32-9081-A8949C47020E}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\WinUHA\SHELLW~1.DLL” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ShowSuperHidden” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “disablecad” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\gibsong\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 15 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\fgiebar.dll” [“Amaze Soft”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{014DA6CE-189F-421A-88CD-07CFE51CFF10}(Default) = “My Search Bar Quick View” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll” [“Sun Microsystems, Inc.”] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\PROGRA~1\FlashGet\flashget.exe” [“Amaze Soft”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] CPUCooLServer Service, CPUCooLServer, ““C:\Program Files\CPUCooL\CooLSrv.exe”” [null data] Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, “C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s” [“The Firebird Project”] Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, “C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s” [“The Firebird Project”] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Symantec AntiVirus, Symantec AntiVirus, ““C:\Program Files\Symantec AntiVirus\Rtvscan.exe”” [“Symantec Corporation”] TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 117 seconds. ---------- (total run time: 180 seconds)
Złączono Posta : 09.05.2007 (Sro) 9:16
przepraszam że dwa razy. teraz log z AVG:
Logi ok.
Najlepiej sie zapytaj się admina Twojej sieci.