Problem Z konikami trojańskimi!Help exhm i exinjs?

amper717 · 6 Czerwiec 2007 22:02

Ratunku! mam problemy z trojanamii!! Avast cały czas wykrywa jakies konie 23exhm.exe, 48exinjs.txt itd. nie wiem co mam robić bo one cały czas wyskakuja i róznia sie tylko liczba przed exhm. Proszę o pomoc.

Pozdrawiam, Wróg Wirusów

Gutek · 6 Czerwiec 2007 22:09

Daj log z Combofix

amper717 · 6 Czerwiec 2007 22:51

“Piotrek” - 2007-06-07 0:29:01 Dodatek Service Pack 2 NTFS

ComboFix 07-06-3B - Running from: “C:\Documents and Settings\Piotrek\Pulpit”

((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 )))))))))))))))))))))))))))))))

2007-06-07 00:21 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-03 16:33 75,512 --a------ C:\WINDOWS\zllsputility.exe

2007-06-03 16:33 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-06-03 16:32 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-05-24 07:32

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-06 22:30:35 -------- d-----w C:\DOCUME~1\Piotrek\DANEAP~1\Skype

2007-06-03 14:37:55 4,212 —h–w C:\WINDOWS\system32\zllictbl.dat

2007-05-24 15:52:25 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-05-06 17:21:58 -------- d-----w C:\DOCUME~1\Piotrek\DANEAP~1\Nokia Multimedia Player

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-18 16:06:12 -------- d–h--w C:\Program Files\InstallShield Installation Information

2007-03-25 08:28:12 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-03-25 08:28:12 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys

2001-10-26 15:45:30 94,832 --sh–w C:\WINDOWS\twain.dll

2004-08-03 22:44:14 50,688 --sh–w C:\WINDOWS\twain_32.dll

2004-08-03 22:44:02 1,028,096 --sh–w C:\WINDOWS\system32\mfc42.dll

2004-08-03 22:44:06 54,784 --sh–w C:\WINDOWS\system32\msvcirt.dll

2004-08-03 22:44:06 413,696 --sh–w C:\WINDOWS\system32\msvcp60.dll

2004-08-03 22:44:06 343,040 --sh–w C:\WINDOWS\system32\msvcrt.dll

2004-08-03 22:44:08 553,472 --sh–w C:\WINDOWS\system32\oleaut32.dll

2004-08-03 22:44:08 83,456 --sh–w C:\WINDOWS\system32\olepro32.dll

2004-08-03 22:44:28 12,288 --sh–w C:\WINDOWS\system32\regsvr32.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-22 14:46]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02]

{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}=C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll [2006-11-06 11:22]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2006-10-12 11:38]

{b5146c40-189a-4311-bda9-fbae3e023187}=C:\Program Files\Multi_Media\tbMult.dll [2007-03-07 12:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“nwiz”=“nwiz.exe” [2004-05-05 16:34 C:\WINDOWS\system32\nwiz.exe]

“SoundMan”=“SOUNDMAN.EXE” [2004-07-01 12:23 C:\WINDOWS\SOUNDMAN.EXE]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 19:42]

“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2004-03-24 12:41]

“Ad-aware”=“C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe” [2003-07-12 21:00]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-01-15 18:28]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [2005-11-10 13:03]

“QuickTime Task”=“C:\program files\camedia\qttask.exe” [2005-08-31 23:01]

“Adobe Photo Downloader”=“D:\photoshop\3.0\Apps\apdproxy.exe” [2005-06-06 23:46]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-01-06 19:22]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00]

“WinampAgent”=“D:\Winamp\winampa.exe” [2006-05-25 19:35]

“CloneCDTray”=“D:\CloneCD\CloneCDTray.exe” [2004-09-02 23:57]

“UserFaultCheck”="%systemroot%\system32\dumprep 0 -u" []

“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2005-12-21 11:00]

“@”="" []

“HPUsageTracking”=“C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe” [2006-06-09 12:23]

“DataLayer”=“C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [2005-06-07 12:31]

“PCSuiteTrayApplication”=“D:\PCSuite\Nokia PC Suite 6\LaunchApplication.exe” [2005-06-29 16:29]

“ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-03-09 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2005-10-24 20:37]

“Creative Detector”=“C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” [2004-12-02 19:23]

“Gadu-Gadu”=“D:\Gadu-Gadu 7.5\Gadu-Gadu\gg.exe” [2006-09-14 17:49]

“PcSync”=“D:\PCSuite\Nokia PC Suite 6\PcSync2.exe” [2005-06-24 15:08]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-07 00:31:20

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HPUsageTracking = C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe “C:\Program Files\Hewlett-Packard\HP UT”???

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Creative Detector = “C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R???l??|q??|???|???|???$???|???|x??|???|p??|???m??|???|???|???w ??w6???s???<???rl?wUV?w???|?k?w

scanning hidden files …

**************************************************************************

Completion time: 2007-06-07 0:33:06

C:\ComboFix-quarantined-files.txt … 2007-06-07 00:32

— E O F —

Złączono Posta : 07.06.2007 (Czw) 10:41

cop dalej z tym logiem??

adam9870 · 7 Czerwiec 2007 08:46

Korzystając z apletu Dodaj/usuń programy odinstaluj Multi_Media.

Uruchom system w trybie awaryjnym i usuń z dysku ręcznie katalog C:\Program Files** Multi_Media**

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Po wykonaniu wklej log z SilentRunners.

amper717 · 7 Czerwiec 2007 11:57

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]

“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

“Creative Detector” = ““C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R” [“Creative Technology Ltd”]

“Gadu-Gadu” = ““D:\Gadu-Gadu 7.5\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z o.o.”]

“PcSync” = “D:\PCSuite\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]

“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]

“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Ahead Software AG”]

“Ad-aware” = ““C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe” +c” [“Lavasoft Sweden”]

“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]

“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]

“QuickTime Task” = ““C:\program files\camedia\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“Adobe Photo Downloader” = ““D:\photoshop\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]

“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]

“DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]

“WinampAgent” = “D:\Winamp\winampa.exe” [null data]

“CloneCDTray” = ““D:\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]

“UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u”

“OrderReminder” = “C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [“Hewlett-Packard”]

“(Default)” = “(empty string)” [file not found]

“HPUsageTracking” = “C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe “C:\Program Files\Hewlett-Packard\HP UT”” [null data]

“DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”]

“PCSuiteTrayApplication” = “D:\PCSuite\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”]

“ZoneAlarm Client” = ““C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”” [“Zone Labs, LLC”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]

{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}(Default) = “ShprRprts”

-> {HKLM…CLSID} = “ShprRprts”

\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]

“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”

-> {HKLM…CLSID} = “Shell Extension for CDRW”

\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Ahead Software AG”]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {HKLM…CLSID} = “RealOne Player Context Menu Class”

\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{0E40CBF0-0263-4AD4-A71B-11316667CBB7}” = “MuVo V200 Media Explorer”

-> {HKLM…CLSID} = “MuVo V200 Media Explorer”

\InProcServer32(Default) = “D:\creative\CTMvns.dll” [“Creative Technology Ltd”]

“{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D}” = “Sorcerer Shell Extension”

-> {HKLM…CLSID} = “Sorcerer Shell Extension”

\InProcServer32(Default) = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005SX.DLL” [“Software 2000 Limited”]

“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”

-> {HKLM…CLSID} = “Nokia Phone Browser”

\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]

“{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View”

-> {HKLM…CLSID} = “Contact View”

\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\ContactView.dll” [“Nokia”]

“{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View”

-> {HKLM…CLSID} = “Message View”

\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\MessageView.dll” [“Nokia”]

“{D9872D13-7651-4471-9EEE-F0A00218BEBB}” = “Multiscan”

-> {HKLM…CLSID} = “ZLAVShExt Class”

\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”

-> {HKLM…CLSID} = “ZLAVShExt Class”

\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”

-> {HKLM…CLSID} = “ZLAVShExt Class”

\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Piotrek” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]

“Witryna internetowa myPrintMileage” -> shortcut to: “C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe” [null data]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”

-> {HKLM…CLSID} = “Yahoo! Toolbar”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)

-> {HKLM…CLSID} = “Yahoo! Toolbar”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}(Default) = (no title provided)

-> {HKLM…CLSID} = “ShopperReports”

\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]

{946B3E9E-E21A-49C8-9F63-900533FAFE14}\

“ButtonText” = “ShopperReports - Compare product prices”

“CLSIDExtension” = “{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}”

-> {HKLM…CLSID} = “IEButton”

\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]

{946B3E9E-E21A-49C8-9F63-900533FAFE15}\

“ButtonText” = “ShopperReports - Compare travel rates”

“CLSIDExtension” = “{454b4812-e572-4703-a1bb-63490809eac0}”

-> {HKLM…CLSID} = “IEButtonA”

\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]

avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]

avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]

avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]

Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”]

InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Ahead Software AG”]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]

SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [null data]

TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

HP LaserJet M1005 Language Monitor\Driver = “HP1005LM.DLL” [“Software 2000 Limited”]

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

The search for DESKTOP.INI DLL launch points on all local fixed drives

took 169 seconds.

---------- (total run time: 229 seconds)

Złączono Posta : 07.06.2007 (Czw) 13:58