matix_pl
(698425224)
27 December 2006 13:24
#1
A few days ago I received several strange links on GG, and now the computer is constantly downloading or sending something. Please check…
hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 14:23:51, on 2006-12-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\WidComm Bluetooth\bin\btwdins.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
E:\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Winamp\winampa.exe
C:\Program Files\F-Secure\FSPC\fspc.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\QuickTime\qttask.exe
E:\ITunes\iTunesHelper.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
E:\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Wapster\AQQ\AQQ.exe
E:\DOINST~1\speedx\SpeedX.exe
E:\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\UberIcon\UberIcon Manager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
E:\WidComm Bluetooth\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
E:\WIDCOM~1\BTSTAC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zschoszczno.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\ActiveX\AcroIEHelper.dll
O4 - HKLM…\Run: [diagnostics] “C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe” /icon -l:pl
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [PCSuiteTrayApplication] E:\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM…\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “E:\ITunes\iTunesHelper.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM…\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM…\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM…\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM…\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM…\Run: [F-Secure Manager] “C:\Program Files\F-Secure\Common\FSM32.EXE” /splash
O4 - HKLM…\Run: [F-Secure TNB] “C:\Program Files\F-Secure\FSGUI\TNBUtil.exe” /CHECKALL /WAITFORSW
O4 - HKCU…\Run: [PcSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU…\Run: [speedX] E:\DOINST~1\speedx\SpeedX.exe
O4 - HKCU…\Run: [RocketDock] “E:\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [uberIcon] “E:\UberIcon\UberIcon Manager.exe”
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kontrola rodzicielska… - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra ‘Tools’ menuitem: Kontrola rodzicielska… - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\WidComm Bluetooth\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\WidComm Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: MCodeViewerCab - http://www.connexto.com/OCX/MCodeViewerCab02.CAB
O17 - HKLM\System\CCS\Services\Tcpip…{66413EB3-7F23-42DE-8161-9FFF74A4C687}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\WidComm Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“PcSync” = “E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]
“AQQ” = “C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”]
“SpeedX” = “E:\DOINST~1\speedx\SpeedX.exe” [“MyPortal.pl”]
“RocketDock” = ““E:\RocketDock\RocketDock.exe”” [null data]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”” [“Nero AG”]
“UberIcon” = ““E:\UberIcon\UberIcon Manager.exe”” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“diagnostics” = ““C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe” /icon -l:pl” [“THOMSON Telecom Belgium”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“PCSuiteTrayApplication” = “E:\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”]
“WinampAgent” = “E:\Winamp\winampa.exe” [null data]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“iTunesHelper” = ““E:\ITunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]
“NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”]
“C-Media Speaker Configuration” = “C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER” [file not found]
“snpstd” = “C:\WINDOWS\vsnpstd.exe” [empty string]
“CameraFixer” = “C:\WINDOWS\CameraFixer.exe” [empty string]
“tsnpstd3” = “C:\WINDOWS\tsnpstd3.exe” [empty string]
“snpstd3” = “C:\WINDOWS\vsnpstd3.exe” [empty string]
“F-Secure Manager” = ““C:\Program Files\F-Secure\Common\FSM32.EXE” /splash” [“F-Secure Corporation”]
“F-Secure TNB” = ““C:\Program Files\F-Secure\FSGUI\TNBUtil.exe” /CHECKALL /WAITFORSW” [“F-Secure Corporation”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
     \InProcServer32(Default) = “E:\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
     \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
     \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”
  -> {HKLM…CLSID} = “Nokia Phone Browser”
     \InProcServer32(Default) = “E:\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]
“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”
  -> {HKLM…CLSID} = “iTunes”
     \InProcServer32(Default) = “E:\ITunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
  -> {HKLM…CLSID} = “Microsoft Office Outlook”
     \InProcServer32(Default) = “E:\MICROS~1\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
  -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
     \InProcServer32(Default) = “E:\MICROS~1\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “E:\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places”
  -> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth”
     \InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{2B3453E4-49DF-11D3-8229-0080BE509050}” = “GMail Drive”
  -> {HKLM…CLSID} = “GMail Drive”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{2B3453E4-49DF-11D3-8229-0080BE509052}” = “GMailFS Property Sheet”
  -> {HKLM…CLSID} = “GMailFS Property Sheet”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{2B3453E4-49DF-11D3-8229-0080BE509054}” = “GMailFS Drop Handler”
  -> {HKLM…CLSID} = “GMailFS Drop Handler”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{2B3453E4-49DF-11D3-8229-0080BE509056}” = “GMailFS Context Menu”
  -> {HKLM…CLSID} = “GMailFS Context Menu”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”
  -> {HKLM…CLSID} = “WPDShServiceObj Class”
     \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
  -> {HKLM…CLSID} = “PDF Shell Extension”
     \InProcServer32(Default) = “E:\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Administrator” & “All Users” startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
“Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Reader Speed Launch” -> shortcut to: “E:\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]
“BTTray” -> shortcut to: “E:\WidComm Bluetooth\BTTray.exe” [“Broadcom Corporation.”]

Enabled Scheduled Tasks:
------------------------

“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]
“eMule” -> launches: “E:\eMule\emule.exe” [“http://www.emule-project.net ”]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [“F-Secure Corporation”], 01 - 16, 35
%SystemRoot%\system32\mswsock.dll [MS], 17 - 19, 22 - 34
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “E:\MICROS~1\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{200DB664-75B5-47C0-8B45-A44ACCF73C00}\
“ButtonText” = “Kontrola rodzicielska…”
“CLSIDExtension” = “{D68926FD-18FD-4B0E-A1C7-917D13FAB760}”
  -> {HKLM…CLSID} = “F-Secure Parental Control COM button”
     \InProcServer32(Default) = “C:\Program Files\F-Secure\FSPC\fspcmsie.dll” [“F-Secure Corporation”]

{200DB664-75B5-47C0-8B45-A44ACCF73F01}\
“MenuText” = “Kontrola rodzicielska…”
“CLSIDExtension” = “{D68926FD-18FD-4B0E-A1C7-917D13FAB760}”
  -> {HKLM…CLSID} = “F-Secure Parental Control COM button”
     \InProcServer32(Default) = “C:\Program Files\F-Secure\FSPC\fspcmsie.dll” [“F-Secure Corporation”]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
“ButtonText” = “@btrez.dll ,-4015”
“MenuText” = “@btrez.dll ,-12650”
“Script” = “E:\WidComm Bluetooth\btsendto_ie.htm” [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
Bluetooth Service, btwdins, “E:\WidComm Bluetooth\bin\btwdins.exe” [“Broadcom Corporation.”]
F-Secure Anti-Virus Firewall Daemon, FSDFWD, ““C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe”” [“F-Secure Corporation”]
F-Secure Automatic Update Agent, FSAUA, ““C:\Program Files\F-Secure\FSAUA\program\fsaua.exe”” [“F-Secure Corporation”]
F-Secure Management Agent, FSMA, ““C:\Program Files\F-Secure\Common\FSMA32.EXE”” [“F-Secure Corporation”]
FSGKHS, F-Secure Gatekeeper Handler Starter, ““C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe”” [“F-Secure Corporation”]
iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”]
ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”]
SpeedTouch 330 Manager, st330service, “C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service” [“THOMSON Telecom Belgium”]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
Port drukarki interfejsu Bluetooth\Driver = “bthcrp.dll” [“Broadcom Corporation.”]

----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 12 seconds.
---------- (total run time: 57 seconds)
Many thanks in advance.
Bieniol
(Bbieniol)
27 December 2006 13:29
#2
Remove this entry as a cosmetic cleanup:
Clean the registry (I recommend jv16 PowerTools for this), defragment the disk, and look through: XP Optimization
Go to Start -> Run -> msconfig, and on the Startup tab uncheck the programs that (in your view) are not needed at startup.
Use Windows Worms Doors Cleaner and change the indicators from disable to enable (if any indicators are yellow, leave them that way). After using this tool, a system restart is required.