Hello.
I'll get straight to the point:
1) Opera (version 9.02) sometimes swaps the images on a page, so they show up in different places on the page than they should. A screenshot shows best what it looks like. After refreshing the page once or twice… everything displays correctly.
1+) One more Opera matter. When I pressed "Preview" (of this post, before sending it), Opera wanted to save a file called "posting.php". Hmm… Sometimes this also happens on other sites (but only sporadically).
2) I start GG (7.6) and when I change my status to Available, Be right back or Invisible, GG closes immediately without any message.
I'm switching messengers anyway, but I wanted to find out whether this is the fault of some junk on my PC or of the p(pffff)rogram itself.
3) A while ago I installed Kazaa (3.2.6). But I didn't get along with that program and wanted to uninstall it as quickly as possible… because it made a mess of my PC. But I didn't manage to uninstall it completely… I.e. in the end I got fed up and removed it "by hand", but in Add/Remove Programs Kazaa is still listed as if it were installed, even though in theory I've already deleted all the files. When I try to remove it from Add/Remove Programs, this pops up:
…and I don't know what to do about it?
Reinstall all that junk on my computer and uninstall it through Add/Remove Programs?
Regards, and thanks in advance for the help!
Logfile of HijackThis v1.99.1
Scan saved at 12:38:25, on 2007-02-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\rundll32.exe
E:\programy\Opera\Opera.exe
F:\chron_komputer\dobreprogramy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\CHRON_~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{68FA2437-06A3-1045-1020-021022020030}] "C:\Program Files\Common Files\{68FA2437-06A3-1045-1020-021022020030}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [updateMgr] "E:\programy\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Wow] C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe
O4 - HKCU\..\Run: [Mcan] "C:\WINDOWS\TSKS~1\regsvr32.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Pobierz z BitSpirit - F:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\CHRON_~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA4E8A86-4C33-44D8-A0A5-4B94DEA7FF1B}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD310137-4CD9-42A0-9C41-706F17F1C468}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\chron_komputer\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\chron_komputer\Webroot\Spy Sweeper\WRSSSDK.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"updateMgr" = ""E:\programy\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]
"Wow" = "C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe " [file not found]
"Mcan" = ""C:\WINDOWS\TSKS~1\regsvr32.exe" -vt yazb" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Smapp" = ""C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"" ["Analog Devices, Inc."]
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"{68FA2437-06A3-1045-1020-021022020030}" = ""C:\Program Files\Common Files\{68FA2437-06A3-1045-1020-021022020030}\Update.exe" mc-110-12-0001291" [file not found]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"AWMON" = ""C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"" [file not found]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" [file not found]
"WOOTASKBARICON" = "C:\Program Files\Wanadoo\taskbaricon.exe" [file not found]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""E:\programy\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"(Default)" = "(empty string)" [file not found]
"Sony Ericsson PC Suite" = ""D:\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
  \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
  \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "E:\programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "F:\CHRON_~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "E:\programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
  -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
     \InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" [file not found]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Browseui.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "D:\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "E:\programy\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Grzesiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Grzesiek" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "E:\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
  -> {HKLM...CLSID} = "PCTools Browser Monitor"
     \InProcServer32\(Default) = "F:\CHRON_~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
StarWind iSCSI Service, StarWindService, "E:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 135 seconds.
---------- (total run time: 273 seconds)
adam9870
14 February 2007, 14:19
#2
Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Wow"=-
"Mcan"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"{68FA2437-06A3-1045-1020-021022020030}"=-
"(Default)"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Remove the HJT entries.
If you no longer have Windows Messenger, also cut these:
Spyware Doctor is a program of questionable reputation, so I suggest removing it. The removal method is given here:
http://forum.dobreprogramy.pl/viewtopic … 332#791332
I suggest cleaning the registry, since you have a few empty keys; description.
Do you still have Panda?
Once done, post a new Silent Runners log plus a ComboFix log. To produce a log with it, run it => press the Y key => wait patiently, and the log should appear as a .txt file named combofix on the C partition.
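As an added example (not code from the thread), the Python below decodes the hex(7) BootExecute value from the FIX.REG above, splits the "autocheck autochk *"|"SsiEfr.e" line that Silent Runners flagged into its items, and rebuilds hex(7) text from a list of strings; REG_FIX_SNIPPET and SILENT_RUNNERS_LINE are constructed samples copied from the values shown in this thread.

```python
"""Check the BootExecute repair from the FIX.REG above.

Added example, not code from the thread. The two samples below are constructed
from the values shown in this thread: the hex(7) line of the .reg fix and the
BootExecute line that Silent Runners marked as suspicious.
"""
import re

# Constructed sample: the Session Manager section of the fix, as written in
# a .reg file (Regedit wraps long hex values with a trailing backslash).
REG_FIX_SNIPPET = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# Constructed sample: how Silent Runners printed the value before the fix
# (REG_MULTI_SZ items are shown as "a"|"b").
SILENT_RUNNERS_LINE = '"BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]'

# The only BootExecute entry a default Windows XP install carries.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def extract_hex7(reg_text: str, value_name: str) -> bytes:
    """Return the raw bytes of a hex(7) value from .reg text, joining wrapped lines."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)  # drop "\<newline><indent>" continuations
    pattern = rf'"{re.escape(value_name)}"=hex\(7\):([0-9a-fA-F,]+)'
    m = re.search(pattern, joined)
    if m is None:
        raise ValueError(f"no hex(7) value named {value_name!r}")
    return bytes(int(h, 16) for h in m.group(1).split(",") if h)


def decode_multi_sz(raw: bytes) -> list[str]:
    """REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, list closed by an extra NUL."""
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def encode_multi_sz(items: list[str]) -> str:
    """Build the hex(7) text for a .reg file from a list of strings (inverse of decode)."""
    raw = "".join(s + "\x00" for s in items).encode("utf-16-le") + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_silent_runners_multi(line: str) -> list[str]:
    """Split a Silent Runners multi-string value ("a"|"b") into its items."""
    m = re.search(r'=\s*((?:"[^"]*"\|?)+)', line)
    if m is None:
        raise ValueError("no quoted multi-string value on this line")
    return re.findall(r'"([^"]*)"', m.group(1))


def unexpected_boot_entries(items: list[str]) -> list[str]:
    """Entries in BootExecute other than the default autochk line; anything here needs a look."""
    return [s for s in items if s not in DEFAULT_BOOTEXECUTE]


def fix_restores_default(reg_text: str) -> bool:
    """True if the .reg text sets BootExecute back to exactly the Windows default."""
    return decode_multi_sz(extract_hex7(reg_text, "BootExecute")) == DEFAULT_BOOTEXECUTE


if __name__ == "__main__":
    before = parse_silent_runners_multi(SILENT_RUNNERS_LINE)
    print("before fix:", before, "unexpected:", unexpected_boot_entries(before))
    print("after fix: ", decode_multi_sz(extract_hex7(REG_FIX_SNIPPET, "BootExecute")))
    print("fix restores default:", fix_restores_default(REG_FIX_SNIPPET))
```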
I don't… I replaced it with a different program.
I did everything according to the instructions. Except that, for example, this entry wasn't in HJT:
I don't know, maybe that "fix.reg" did something about it…?
Here are the new logs:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"updateMgr" = ""E:\programy\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Smapp" = ""C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"" ["Analog Devices, Inc."]
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""E:\programy\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"(Default)" = "(empty string)" [file not found]
"Sony Ericsson PC Suite" = ""D:\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
  \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
  \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "E:\programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "F:\CHRON_~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "E:\programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Browseui.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "D:\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "E:\programy\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\programy\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Grzesiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Grzesiek" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "E:\programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
StarWind iSCSI Service, StarWindService, "E:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 138 seconds.
---------- (total run time: 268 seconds)
"Grzesiek" - 07-02-14 18:11:54 Dodatek Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Grzesiek\Pulpit\porady"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\unsvchosts.lzma
C:\Program Files\Common Files\{68FA2~1
C:\Program Files\Common Files\{68FA2~2


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\Program Files\WNSXS~1
C:\qoobox\purity\WINDOWS\TSKS~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1.NET
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0000
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0001
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0002
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0003
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0004
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0005
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks\ctxad-539.0006


((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))

2007-02-13 19:10
2007-02-13 18:51
2007-02-13 18:51
2007-02-13 18:50
2007-02-13 18:50
2007-02-13 18:50
2007-02-13 18:43
2007-02-13 18:40    94,064  --a------  C:\WINDOWS\system32\drivers\k510mdm.sys
2007-02-13 18:40    85,408  --a------  C:\WINDOWS\system32\drivers\k510mgmt.sys
2007-02-13 18:40    83,344  --a------  C:\WINDOWS\system32\drivers\k510obex.sys
2007-02-13 18:40     8,336  --a------  C:\WINDOWS\system32\drivers\k510mdfl.sys
2007-02-13 18:40     6,176  --a------  C:\WINDOWS\system32\drivers\k510cmnt.sys
2007-02-13 18:40     6,176  --a------  C:\WINDOWS\system32\drivers\k510cm.sys
2007-02-13 18:40    58,288  --a------  C:\WINDOWS\system32\drivers\k510bus.sys
2007-02-13 18:40     5,808  --a------  C:\WINDOWS\system32\drivers\k510whnt.sys
2007-02-13 18:40     5,808  --a------  C:\WINDOWS\system32\drivers\k510wh.sys
2007-02-12 12:46
2007-02-12 12:46
2007-02-11 12:11    12,160  --a------  C:\WINDOWS\system32\drivers\mouhid.sys
2007-02-11 12:10    14,848  --a------  C:\WINDOWS\system32\drivers\kbdhid.sys
2007-02-11 12:08    57,344  --a------  C:\WINDOWS\system32\SAIGON.dll
2007-02-11 12:08    45,056  --a------  C:\WINDOWS\system32\SAIKICK.dll
2007-02-11 12:08   155,648  --a------  C:\WINDOWS\system32\nY.exe
2007-02-11 12:08
2007-02-09 14:12
2007-02-08 18:39         2  --a------  C:\WINDOWS\system32\wapitr.exe
2007-02-08 14:20    51,072  --a------  C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-08 14:20    30,592  --a------  C:\WINDOWS\system32\drivers\ikhfile.sys
2007-02-08 14:20
2007-02-08 14:20
2007-02-08 14:16     6,656  --a------  C:\WINDOWS\system32\drivers\RKPavProc.sys
2007-02-08 14:15    78,336  --a------  C:\WINDOWS\system32\drivers\ssi.sys
2007-02-08 14:15   102,912  --a------  C:\WINDOWS\system32\islzma.dll
2007-02-08 14:15
2007-02-08 14:15
2007-02-08 14:13
2007-02-05 22:14
2007-02-05 21:16
2007-01-21 21:39   502,368  --a------  C:\WINDOWS\system32\drivers\amon.sys
2007-01-21 21:39   274,432  --a------  C:\WINDOWS\system32\imon.dll
2007-01-20 23:03
2007-01-20 23:02
2007-01-14 23:01


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-14 16:43     87626  --a------  C:\WINDOWS\system32\perfc015.dat
2007-02-14 16:43    476082  --a------  C:\WINDOWS\system32\perfh015.dat
2007-02-13 19:21  --------  d---s----  C:\DOCUME~1\Grzesiek\Dane aplikacji\microsoft
2007-02-13 10:24  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\openoffice.ux.pl2
2007-02-13 09:56  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\adobe
2007-02-11 22:44  --------  d--------  C:\Program Files\gamespy arcade
2007-02-11 12:08  --------  d--h-----  C:\Program Files\installshield installation information
2007-02-09 10:51  --------  d--------  C:\Program Files\wmr11
2007-02-08 23:23  --------  d--------  C:\Program Files\Common Files\macromedia
2007-02-05 14:24  --------  d--------  C:\Program Files\wanadoo
2007-01-30 23:02  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\lavasoft
2007-01-19 23:17  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\adobeum
2007-01-14 20:50     10345  --a------  C:\WINDOWS\system32\drivers\hamachi.sys
2007-01-11 18:51  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\publish providers
2007-01-11 18:50  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\sony
2007-01-11 18:43  --------  d--------  C:\Program Files\microsoft sql server
2007-01-11 18:39  --------  d--------  C:\Program Files\vstplugins
2007-01-11 18:06  --------  d--------  C:\DOCUME~1\Grzesiek\Dane aplikacji\sony setup
2007-01-11 16:29  --------  d--------  C:\Program Files\conference
2006-12-28 12:44       655  --a------  C:\WINDOWS\unins002.dat
2006-12-11 11:52     21840  --a------  C:\WINDOWS\system32\sintfnt.dll
2006-12-11 11:52     17212  --a------  C:\WINDOWS\system32\sintf32.dll
2006-12-11 11:52     12067  --a------  C:\WINDOWS\system32\sintf16.dll
2006-12-07 07:40   2362184  --a------  C:\WINDOWS\system32\wmvcore.dll
2006-12-06 11:25   1200128  --a------  C:\WINDOWS\system32\cfhd.dll
2006-11-21 08:52     11690  --ahs----  C:\WINDOWS\system32\kgygaavl.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"updateMgr"="\"E:\programy\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Smapp"="\"C:\Program Files\Analog Devices\SoundMAX\Smtray.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"nod32kui"="\"C:\Program Files\Eset\nod32kui.exe\" /WAITSERVICE"
"SpeedTouch USB Diagnostics"="\"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe\" /icon"
"TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
"QuickTime Task"="\"E:\programy\QuickTime\qttask.exe\" -atboottime"
@=""
"Sony Ericsson PC Suite"="\"D:\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe\" /startoptions"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="kazaa"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\system32\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mcan]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="regsvr32"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"E:\programy\QuickTime\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\Program Files\Real\RealPlayer\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="taskbaricon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Watch"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wow]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="?ti2evxx"
"hkey"="HKCU"
"command"="C:\WINDOWS\system32\?icrosoft.NET \?ti2evxx.exe"
"inimapping"="0"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService    REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService  REG_MULTI_SZ    DnsCache\0\0
rpcss           REG_MULTI_SZ    RpcSs\0\0
imgsvc          REG_MULTI_SZ    StiSvc\0\0
termsvcs        REG_MULTI_SZ    TermService\0\0
HTTPFilter      REG_MULTI_SZ    HTTPFilter\0\0
DcomLaunch      REG_MULTI_SZ    DcomLaunch\0TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command    H:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb64bf4-9c14-11da-9aed-0090d0a6e023}]
Shell\AutoRun\command    H:\autorun.exe


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070214-170010-686 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
backup-20070214-170009-958 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20070214-170010-121 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20070214-170010-387 O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\chron_komputer\Spyware Doctor\sdhelp.exe
backup-20070214-170009-178 O4 - HKCU\..\Run: [Mcan] "C:\WINDOWS\TSKS~1\regsvr32.exe" -vt yazb
backup-20070214-170009-385 O4 - HKCU\..\Run: [Wow] C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-14 18:14:55
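Added example (editor's own, not part of the original post and not code from HijackThis, ComboFix or Silent Runners): a small triage script that applies, over the O4/Run entries in the log above, the checks a helper normally does by eye. The sample lines are copied from the log; the heuristics, the function and constant names, and the assumption that the system root is C:\WINDOWS (as the log shows) are the editor's. It flags paths containing characters the tools print as "?", directory names ending in a space, a Windows binary name such as regsvr32.exe loaded from somewhere other than C:\WINDOWS or C:\WINDOWS\system32, 8.3 short names (TSKS~1) inside the Windows directory, and GUID-named folders under Common Files.

```python
r"""Triage of autostart (Run-key) entries from a HijackThis/ComboFix log.

Editor's added example; not part of the original post and not code from
HijackThis, ComboFix or Silent Runners. Sample lines are copied from the log
above; heuristics, names and the assumed system root (C:\WINDOWS) are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines as HijackThis prints them, copied from the log above.
SAMPLE_ENTRIES = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [{68FA2437-06A3-1045-1020-021022020030}] '
    r'"C:\Program Files\Common Files\{68FA2437-06A3-1045-1020-021022020030}\Update.exe" mc-110-12-0001291',
    r'O4 - HKCU\..\Run: [Mcan] "C:\WINDOWS\TSKS~1\regsvr32.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Wow] C:\WINDOWS\system32\?icrosoft.NET \?ti2evxx.exe',
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
]

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Every drive-letter path in a command line, cut at the first executable-looking
# extension; an unquoted path with spaces (like the "Wow" entry) is kept whole.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|cpl|bat|cmd)\b', re.I)
GUID_RE = re.compile(r'^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$', re.I)
SHORTNAME_RE = re.compile(r'~\d+$')

# Assumption: the system root is C:\WINDOWS, as in the log. These are the only
# directories the Windows binaries listed below should be started from.
WINDOWS_DIRS = {r'c:\windows', r'c:\windows\system32'}
SYSTEM_BINARIES = {'regsvr32.exe', 'rundll32.exe', 'svchost.exe', 'lsass.exe',
                   'services.exe', 'winlogon.exe', 'csrss.exe', 'explorer.exe'}


@dataclass
class Finding:
    hive: str
    name: str
    reasons: list = field(default_factory=list)


def check_path(path: str) -> list:
    """Reasons a single image path deserves a closer look (heuristics, not verdicts)."""
    parts = path.split('\\')
    dirs, image = parts[:-1], parts[-1]
    dirpath = '\\'.join(dirs).lower()
    reasons = []
    if '?' in path or any(ord(c) > 127 for c in path):
        # HijackThis and ComboFix print characters outside the system code page as "?".
        reasons.append('non-ASCII character in path (printed as "?")')
    if any(d != d.rstrip() for d in dirs):
        reasons.append('directory name ends in whitespace')
    if image.lower() in SYSTEM_BINARIES and dirpath not in WINDOWS_DIRS:
        reasons.append(f'Windows binary name {image} running from {dirpath}')
    if len(dirs) > 2 and dirs[1].lower() == 'windows' and any(SHORTNAME_RE.search(d) for d in dirs[2:]):
        reasons.append('8.3 short name inside the Windows directory hides the real folder name')
    if 'common files' in dirpath and any(GUID_RE.match(d) for d in dirs):
        reasons.append('executable in a GUID-named folder under Common Files')
    return reasons


def triage(lines) -> list:
    """Parse O4 lines and return a Finding for every entry with at least one reason."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if GUID_RE.match(m['name']):
            reasons.append('Run value named with a bare GUID')
        for path in PATH_RE.findall(m['cmd']):
            reasons.extend(check_path(path))
        if reasons:
            findings.append(Finding(m['hive'], m['name'], reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_ENTRIES):
        print(f'{f.hive} [{f.name}]')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample it reports exactly three entries: the GUID-named Update.exe under Common Files, [Mcan] and [Wow]; the NVIDIA and NOD32 entries pass. Those are the same three the log itself treats as bad: ComboFix lists Common Files\{68FA2~1 under Other Deletions, and the HijackThis backups show Mcan and Wow being removed. The checks are heuristics, so a hit means "look at the file", not "delete it"; a legitimate installer can use a GUID folder or an 8.3 path.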