przemo04
(Przemo04)
15 Grudzień 2006 19:05
#1
Mam problem z spywarem!! Mianowicie wczoraj niewiadomo skąd pojawił się program bar888. po przeszukaniu google znalazłem ten link http://forum.dobreprogramy.pl/viewtopic.php?t=116122
Kierując się nim próbowałem usunąć nieproszonego gościa, lecz nadal system pokazywał możliwość iż owy program jest na komputerze. Dziś po włączeniu komputera i sprawdzeniu folderu program files/Common Files pojawiły się od nowa pomimo wyrzucenia foldery:
{00E58BA7-0000-1045-8-048080030} i {30E58BA7-0000-1045-8-048080030}.
Proszę o pomoc
Z góry dziękuję!
A tu są logi:
Hijackthis:
Logfile of HijackThis v1.99.1 Scan saved at 20:06:47, on 2006-12-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe F:\Programy\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe F:\Programy\q\iTunesHelper.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\Common Files{00E58BA7-0000-1045-8-048080030}\Update.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe F:\Programy\BitTorrent\bittorrent.exe C:\PROGRA~1\COMMON~1\STEM~1\rundll.exe C:\Program Files\Common Files\F?nts?explore.exe C:\Program Files\iPod\bin\iPodService.exe F:\Programy\Spybot - Search Destroy\TeaTimer.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe F:\Programy\firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\Documents and Settings\TAIGER\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://206.165.1.6/signup R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: (no name) - {FEDF5E96-E52D-88BD-2C51-EE5B5529669B} - C:\WINDOWS\system32\qcs.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programy\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programy\Spybot - Search Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {FEDF5E96-E52D-88BD-2C51-EE5B5529669B} - C:\WINDOWS\system32\qcs.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [AceGain LiveUpdate] F:\GRY\BTV\LiveUpdate.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s O4 - HKLM…\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [iTunesHelper] “F:\Programy\q\iTunesHelper.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxuh.dll,startup O4 - HKCU…\Run: [Gadu-Gadu] “F:\Programy\gg\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “F:\Programy\skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [steam] F:\hl2\Steam.exe -silent O4 - HKCU…\Run: [bitTorrent] “F:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [bsti] “C:\PROGRA~1\COMMON~1\STEM~1\rundll.exe” -vt yazb O4 - HKCU…\Run: [Htx] C:\Program Files\Common Files\F?nts?explore.exe O4 - HKCU…\Run: [spybotSD TeaTimer] F:\Programy\Spybot - Search Destroy\TeaTimer.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download all links using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - O17 - HKLM\System\CCS\Services\Tcpip…{28A631F2-AB8E-4ACC-BDB8-00B0DD81B689}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: bw+0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: PAVWAIT.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda PAVFNSVR (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe O23 - Service: Panda PAVPROT (PAVPROT) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe a tu log SilentRunners: “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ “{00E58BA7-0000-1045-8-048080030}” = ““C:\Program Files\Common Files{00E58BA7-0000-1045-8-048080030}\Update.exe” mc-110-12-0000272” [null data] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““F:\Programy\gg\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Skype” = ““F:\Programy\skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “LDM” = “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [“Logitech”] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe” [“Google Inc.”] “Steam” = “F:\hl2\Steam.exe -silent” [“Valve Corporation”] “BitTorrent” = ““F:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized” [null data] “Bsti” = ““C:\PROGRA~1\COMMON~1\STEM~1\rundll.exe” -vt yazb” [null data] “Htx” = “C:\Program Files\Common Files\F*nts*explore.exe” (unwritable string) [null data] “SpybotSD TeaTimer” = “F:\Programy\Spybot - Search Destroy\TeaTimer.exe” [“Safer Networking Limited”] “Windows installer” = “C:\winstall.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “ISHOST.EXE” = “ISHOST.EXE” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “AceGain LiveUpdate” = “F:\GRY\BTV\LiveUpdate.exe” [file not found] “DemonStarter” = “C:\Program Files\PWN\Definicje\Bin\Starter.exe” [null data] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom RD”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom RD”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s” [“Panda Software International”] “WinampAgent” = “F:\Programy\Winamp\winampa.exe” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “iTunesHelper” = ““F:\Programy\q\iTunesHelper.exe”” [“Apple Computer, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “CTDrive” = “rundll32.exe C:\WINDOWS\system32\drvxuh.dll,startup” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) - {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” - {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “F:\Programy\BitComet\tools\BitCometBHO.dll” [“BitComet”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “F:\Programy\Spybot - Search Destroy\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) - {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) - {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] {FEDF5E96-E52D-88BD-2C51-EE5B5529669B}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\qcs.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” - {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” - {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL” [“Panda Software International”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” - {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” - {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “F:\Programy\real\rpshell.dll” [“RealNetworks, Inc.”] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” - {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “F:\Programy\q\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “SystemCheck2” = “{54645654-2225-4455-44A1-9F4543D34546}” - {HKLM…CLSID} = “System Check Application” \InProcServer32(Default) = “C:\WINDOWS\System32\vbsys2.dll” [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ “AppInit_DLLs” = “PAVWAIT.DLL” [“Panda Software”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] winwea32\DLLName = “winwea32.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” - {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” - {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\TAIGER\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp” Startup items in “TAIGER” “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” - shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “Logitech Desktop Messenger” - shortcut to: “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start” [“Logitech”] “Logitech SetPoint” - shortcut to: “C:\Program Files\Logitech\SetPoint\KEM.exe” [“Logitech Inc.”] “Microsoft Office” - shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” - launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavlsp.dll ["Panda Software "], 01 - 03, 09 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” - {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{C1B4DEC2-2623-438E-9CA2-C9043AB28508}” - {HKLM…CLSID} = “Bar888” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1{30E58~1\Bar888.dll” [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) - {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” - {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] - {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) - {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] “{FEDF5E96-E52D-88BD-2C51-EE5B5529669B}” = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\qcs.dll” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] Panda anti-virus service, PAVSRV, “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe” [“Panda Software”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe”” [“Panda Software Internacional”] Panda PAVFNSVR, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe”” [“Panda Software”] Panda PAVPROT, PAVPROT, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe”” [“Panda Software”] Panda Preventium+ Service, PREVSRV, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe”” [“Panda Software”] Panda Process Protection Service, PavPrSrv, “C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe” [“Panda Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] ---------- : Suspicious data at a malware launch point. : Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 60 seconds, including 3 seconds for message boxes)
Monczkin
(Monczkin)
15 Grudzień 2006 19:09
#2
przemo04 proszę poprawić temat (tytuł) i posta zgodnie z zasadami opisanymi w przyklejonych tematach w tym dziale. Inaczej temat zostanie usunięty.
adam9870
(adam9870)
15 Grudzień 2006 19:13
#3
Pobierz The avenger . Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:
=> Kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).
Po resecie może pojawić się okienko na dosłownie kilka sekund oraz log w notatniku. Wejdź tam gdzie masz avangera i skasuj plik backup.zip czyli np. c:\avanger\backup.zip.
Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite , opis masz TUTAJ .
Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)
R3 - URLSearchHook: (no name) - {FEDF5E96-E52D-88BD-2C51-EE5B5529669B} - C:\WINDOWS\system32\qcs.dll O2 - BHO: (no name) - {FEDF5E96-E52D-88BD-2C51-EE5B5529669B} - C:\WINDOWS\system32\qcs.dll O4 - HKLM…\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxuh.dll,startup O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [bsti] “C:\PROGRA~1\COMMON~1\STEM~1\rundll.exe” -vt yazb O4 - HKCU…\Run: [Htx] C:\Program Files\Common Files\F?nts?explore.exe O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
Wpisy w hjt, a pliki i foldery ręcznie. Poczytaj o usuwaniu plików z pytajnikiem - Usuwanie PurityScan .
Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym z wyłączonym przywracaniem systemu.
Po wykonaniu pokaż nowy log z hjt, SilentRunners oraz c:\rapport.txt
przemo04
(Przemo04)
15 Grudzień 2006 20:39
#4
To tak:
Gdy Używałem The avenger Wystąpiły jakieś errory a w folderze avanger nie pojawił się plik bądź folder backup.zip.
Ten link Registrar Lite zaprowadził mnie do strony, z której ściągałem Registrar Registry Manager
No i chyba nie mam czymkolwiek jest c:\rapport.txt
tu sa logi:
hijackthis Logfile of HijackThis v1.99.1 Scan saved at 21:35:09, on 2006-12-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE F:\Programy\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe F:\Programy\q\iTunesHelper.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe F:\Programy\BitTorrent\bittorrent.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe F:\Programy\BitTorrent\bittorrent.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe F:\Programy\firefox\firefox.exe C:\Documents and Settings\TAIGER\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://206.165.1.6/signup R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: (no name) - {FEDF5E96-E52D-88BD-2C51-EE5B5529669B} - (no file) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programy\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [AceGain LiveUpdate] F:\GRY\BTV\LiveUpdate.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s O4 - HKLM…\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [iTunesHelper] “F:\Programy\q\iTunesHelper.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU…\Run: [bitTorrent] “F:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [steam] F:\hl2\Steam.exe -silent O4 - HKCU…\Run: [spybotSD TeaTimer] F:\Programy\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download all links using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://F:\Programy\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip…{28A631F2-AB8E-4ACC-BDB8-00B0DD81B689}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: bw+0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: PAVWAIT.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda PAVFNSVR (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe O23 - Service: Panda PAVPROT (PAVPROT) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe SilentRunners “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ “{00E58BA7-0000-1045-8-048080030}” = ““C:\Program Files\Common Files{00E58BA7-0000-1045-8-048080030}\Update.exe” mc-110-12-0000272” [file not found] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “LDM” = “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [“Logitech”] “BitTorrent” = ““F:\Programy\BitTorrent\bittorrent.exe” --force_start_minimized” [null data] “Steam” = “F:\hl2\Steam.exe -silent” [file not found] “SpybotSD TeaTimer” = “F:\Programy\Spybot - Search & Destroy\TeaTimer.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “ISHOST.EXE” = “ISHOST.EXE” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “AceGain LiveUpdate” = “F:\GRY\BTV\LiveUpdate.exe” [file not found] “DemonStarter” = “C:\Program Files\PWN\Definicje\Bin\Starter.exe” [null data] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s” [“Panda Software International”] “WinampAgent” = “F:\Programy\Winamp\winampa.exe” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “iTunesHelper” = ““F:\Programy\q\iTunesHelper.exe”” [“Apple Computer, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [file not found] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “F:\Programy\BitComet\tools\BitCometBHO.dll” [“BitComet”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
adam9870
(adam9870)
15 Grudzień 2006 20:50
#5
Otwórz notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.
Usuń w hjt.
Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite , opis masz TUTAJ .
Po wykonaniu nowe logi. Tylko tym razem proszę wkleić cały z Silenta bo teraz jest ucięty.
przemo04
(Przemo04)
15 Grudzień 2006 20:54
#6
to log po resecie kompa po zrobieniu (niby) punktu z The avenger:
////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line — does not appear to be a valid registry path. Line will be ignored. Error code: 5 Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" | "{00E58BA7-0000-1045-8-048080030} Error: could not create zip file. Error code: 5 ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\rilxafcr ******************* Script file located at: ??\C:\Documents and Settings\iawiixkx.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\qcs.dll not found! Deletion of file C:\WINDOWS\system32\qcs.dll failed! Could not process line: C:\WINDOWS\system32\qcs.dll Status: 0xc0000034 File C:\WINDOWS\system32\drvxuh.dll not found! Deletion of file C:\WINDOWS\system32\drvxuh.dll failed! Could not process line: C:\WINDOWS\system32\drvxuh.dll Status: 0xc0000034 File C:\winstall.exe not found! Deletion of file C:\winstall.exe failed! Could not process line: C:\winstall.exe Status: 0xc0000034 File C:\WINDOWS\System32\vbsys2.dll not found! Deletion of file C:\WINDOWS\System32\vbsys2.dll failed! Could not process line: C:\WINDOWS\System32\vbsys2.dll Status: 0xc0000034 File C:\WINDOWS\SYSTEM32\winwea32.dll not found! Deletion of file C:\WINDOWS\SYSTEM32\winwea32.dll failed! Could not process line: C:\WINDOWS\SYSTEM32\winwea32.dll Status: 0xc0000034 Folder C:\PROGRA~1\COMMON~1\STEM~1 not found! Deletion of folder C:\PROGRA~1\COMMON~1\STEM~1 failed! Could not process line: C:\PROGRA~1\COMMON~1\STEM~1 Status: 0xc0000034 Folder C:\Program Files\Common Files{00E58BA7-0000-1045-8-048080030} not found! Deletion of folder C:\Program Files\Common Files{00E58BA7-0000-1045-8-048080030} failed! Could not process line: C:\Program Files\Common Files{00E58BA7-0000-1045-8-048080030} Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.
adam9870
(adam9870)
15 Grudzień 2006 21:00
#7
Dobrze.
Proszę zrobić to co napisałem w poprzednim poście i wkleić nowe logi.
przemo04
(Przemo04)
15 Grudzień 2006 21:16
#8
log hijackthis Logfile of HijackThis v1.99.1 Scan saved at 22:17:24, on 2006-12-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE F:\Programy\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe F:\Programy\q\iTunesHelper.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe F:\Programy\firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\TAIGER\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://206.165.1.6/signup R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programy\BitComet\tools\BitCometBHO.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [AceGain LiveUpdate] F:\GRY\BTV\LiveUpdate.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s O4 - HKLM…\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [iTunesHelper] “F:\Programy\q\iTunesHelper.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU…\Run: [steam] F:\hl2\Steam.exe -silent O4 - HKCU…\Run: [spybotSD TeaTimer] F:\Programy\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download all links using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://F:\Programy\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip…{28A631F2-AB8E-4ACC-BDB8-00B0DD81B689}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: bw+0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {23921862-3CE9-47E2-A906-6FAE2A7F20D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: PAVWAIT.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda PAVFNSVR (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe O23 - Service: Panda PAVPROT (PAVPROT) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe a tu log SilentRunners “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “LDM” = “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [“Logitech”] “Steam” = “F:\hl2\Steam.exe -silent” [file not found] “SpybotSD TeaTimer” = “F:\Programy\Spybot - Search & Destroy\TeaTimer.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “AceGain LiveUpdate” = “F:\GRY\BTV\LiveUpdate.exe” [file not found] “DemonStarter” = “C:\Program Files\PWN\Definicje\Bin\Starter.exe” [null data] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s” [“Panda Software International”] “WinampAgent” = “F:\Programy\Winamp\winampa.exe” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “iTunesHelper” = ““F:\Programy\q\iTunesHelper.exe”” [“Apple Computer, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [file not found] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “F:\Programy\BitComet\tools\BitCometBHO.dll” [“BitComet”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] jest cały
Złączono Posta : 15.12.2006 (Pią) 22:18
sorry to jest caly log SilentRunners
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “LDM” = “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [“Logitech”] “Steam” = “F:\hl2\Steam.exe -silent” [file not found] “SpybotSD TeaTimer” = “F:\Programy\Spybot - Search & Destroy\TeaTimer.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “AceGain LiveUpdate” = “F:\GRY\BTV\LiveUpdate.exe” [file not found] “DemonStarter” = “C:\Program Files\PWN\Definicje\Bin\Starter.exe” [null data] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE” /s” [“Panda Software International”] “WinampAgent” = “F:\Programy\Winamp\winampa.exe” [null data] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “iTunesHelper” = ““F:\Programy\q\iTunesHelper.exe”” [“Apple Computer, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [file not found] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “F:\Programy\BitComet\tools\BitCometBHO.dll” [“BitComet”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL” [“Panda Software International”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “F:\Programy\q\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{CCA60260-A2C9-11D2-BA62-0020188191B2}” = “Registrar Registry Manager SHell Extension” -> {HKLM…CLSID} = “Registrar Registry Manager SHell Extension” \InProcServer32(Default) = “rrShellX.dll” [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “PAVWAIT.DLL” [“Panda Software”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL” [“Panda Software International”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\TAIGER\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp” Startup items in “TAIGER” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “Logitech Desktop Messenger” -> shortcut to: “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start” [“Logitech”] “Logitech SetPoint” -> shortcut to: “C:\Program Files\Logitech\SetPoint\KEM.exe” [“Logitech Inc.”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavlsp.dll ["Panda Software "], 01 - 03, 09 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found] “{C1B4DEC2-2623-438E-9CA2-C9043AB28508}” -> {HKLM…CLSID} = “Bar888” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1{30E58~1\Bar888.dll” [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] Panda anti-virus service, PAVSRV, “C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe” [“Panda Software”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe”” [“Panda Software Internacional”] Panda PAVFNSVR, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe”” [“Panda Software”] Panda PAVPROT, PAVPROT, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe”” [“Panda Software”] Panda Preventium+ Service, PREVSRV, ““C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Prevsrv.exe”” [“Panda Software”] Panda Process Protection Service, PavPrSrv, “C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe” [“Panda Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 65 seconds. ---------- (total run time: 115 seconds)
adam9870
(adam9870)
15 Grudzień 2006 21:24
#9
Proszę otworzyć Notatnik i wkleić w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.
Po wykonaniu możesz wkleić nowy log z Silenta.
adam9870
(adam9870)
15 Grudzień 2006 21:54
#11
przemo04
(Przemo04)
15 Grudzień 2006 22:44
#12
THX wielkie za pomoc Adamie
Bieniol
(Bbieniol)
15 Grudzień 2006 22:46
#13
Otwórz notatnik i wklej w nim to:
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa