Proszę o pomoc - C:\WINDOWS\scvhost.exe

adlerxx · 8 Marzec 2007 00:43

Podczas startu systemu wyświetla mi się komunikat: system windows nie może odnaleźć pliku "C:\WINDOWS\scvhost.exe. Podczas skanu systemu program Kaspersky AV wykrył i usunął : Koń trojański Backdoor.Win32.VB.ayh Plik: C:\WINDOWS\scvhost.exe. Za pomocą HIjackThis uzyskałem taki logfile:

Logfile of HijackThis v1.99.1 Scan saved at 01:19:06, on 2007-03-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [shellapi32] svcnet.exe O4 - HKLM…\Run: [i/O Controllers] svcnet.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [system Restore] svcnet.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [msconfig] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [icq lite] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [update Checker] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [AntiVir] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [] C:\WINDOWS\scvhost.exe O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM…\RunServices: [msconfig] C:\WINDOWS\scvhost.exe O4 - HKLM…\RunServices: [icq lite] C:\WINDOWS\scvhost.exe O4 - HKLM…\RunServices: [update Checker] C:\WINDOWS\scvhost.exe O4 - HKLM…\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe O4 - HKLM…\RunServices: [] C:\WINDOWS\scvhost.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [shellapi32] svcnet.exe O4 - HKCU…\Run: [i/O Controllers] svcnet.exe O4 - HKCU…\Run: [system Restore] svcnet.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O17 - HKLM\System\CCS\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CCS\Services\Tcpip…{7DF355CB-0A12-443D-B09E-6906E13C2C01}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CCS\Services\Tcpip…{C0958865-FBF1-4D64-A379-46AE8E74F458}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 O17 - HKLM\System\CS1\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 O17 - HKLM\System\CS2\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Proszę pomóżcie, bo sam jestem nie za bardzo kumaty w tych sprawach.

kuz5 · 8 Marzec 2007 01:33

Na początek przeleć system programami:

PestPatrol

Spybot Search & Destroy 1.4

SmitFraudFix

Ponieważ jest bardzo dużo syfu

I dopiero wklej loga

adlerxx · 8 Marzec 2007 10:16

Chyba pomogło - komunikat już się nie wywala (po skanie Spybotem), Pest Patrol też wykrył chyba 7 różnych wirusów. Oto log po zastosowaniu Hijacka

Logfile of HijackThis v1.99.1 Scan saved at 11:09:05, on 2007-03-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=Explorer.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [shellapi32] svcnet.exe O4 - HKLM…\Run: [i/O Controllers] svcnet.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [system Restore] svcnet.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [msconfig] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [icq lite] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [update Checker] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [AntiVir] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [] C:\WINDOWS\scvhost.exe O4 - HKLM…\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [shellapi32] svcnet.exe O4 - HKCU…\Run: [i/O Controllers] svcnet.exe O4 - HKCU…\Run: [system Restore] svcnet.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O17 - HKLM\System\CCS\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CCS\Services\Tcpip…{7DF355CB-0A12-443D-B09E-6906E13C2C01}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 O17 - HKLM\System\CS1\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 O17 - HKLM\System\CS2\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Nie wiem, czy jest jeszcze jakieś badziewie, ale system śmiga aż miło. Jeżeli są jeszcze jakieś problemy, to proszę o info. W każdy razie wielkie dzięki kuz5

Złączono Posta : 08.03.2007 (Czw) 11:55

I jeszcze dodam raport ze skanu Smitfraudfixem (zrobionego na końcu, po wyczyszczeniu rejestru i usunięciu strefy zaufania, a także po użyciu Pestpatrola i Spybota). Pest patrol wykrył i usunąl 11 niebezp. plików, a Spybot 7.

SmitFraudFix v2.148 Scan done at 11:50:41,75, 2007-03-08 Run from C:\Documents and Settings\user\Pulpit\pliki pobierane\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Ulubione »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

Aqui · 8 Marzec 2007 11:48

Na poczatek uzyj Windows Worms Doors Cleanera zmien wszystkie znaczki z Disable na Enable ,wszystkie znaczki maja byc na zielono.

Nastepnie

Sciagnij Killbox

zaznacz opcje delete on reboot i w polu full patch of file to delete wklej

C:\WINDOWS\scvhost.exe

Klikasz X reset kompa.

Wyłacz przywracanie systemu,i wejdz w tryb awaryjny.

Wpisy zaznaczasz w Hijackthis i klikasz Fix Checked , pogrubiony plik usuwasz recznie z dysku.

Dodatkowo

To sa ukrainskie DNS-y,ktore sa efektem dzialania Rootkita Windows Security Center ,dlatego tez uzyj Fixwareout.exe

Wracasz z logami z Hijackthis, Silentrunners oraz Comboscan

kuz5 · 8 Marzec 2007 12:31

Jeszcze to

Możesz ciachnąć w HijackThis, ale nie musisz, to szit realteka

Wystarczy zwykły fix

Aqui · 8 Marzec 2007 12:56

Ile głow tyle zdan,zdarzyl mi sie 1 przypadek ze byla utrata dzwieku po usunieciu tego.

Uzycie Fixwareout napewno nie zaszkodzi,jesli zostana wpisy,to wtedy usuniemy w Hijackthis.

kuz5 · 8 Marzec 2007 13:53

Dokładnie jak mówisz, dlatego też zawsze piszę iż wybór należy do usera

W tym przypadku okroiłem to pisząc:

adlerxx · 8 Marzec 2007 16:56

Te wszystkie wpisy mam zaznaczyć w HiJackThis i kliknąć FIX Checked? A te 2 pliki pogrubione svcnet.exe to w jaki sposób ręcznie usunąć? Prosze o wyrozumiałośc.

Aqui · 8 Marzec 2007 17:00

Uruchamiasz Hijackthis>>Wybierasz opcje Do a system scan>>Zaznaczasz dany wpis i wciskasz Fix checked,potwierdzasz usuniecie.

Start>>wyszukaj>>pliki i foldery>>zaznacz zeby wyszukiwal ukryte pliki i foldery>>po kolei wpisujessz nazwy plikow ktore podalem i usuwasz.

adlerxx · 9 Marzec 2007 15:21

Oto log z HijackThis:

Logfile of HijackThis v1.99.1 Scan saved at 16:14:56, on 2007-03-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\NOTEPAD.EXE C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [shellapi32] svcnet.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O17 - HKLM\System\CCS\Services\Tcpip…{C0958865-FBF1-4D64-A379-46AE8E74F458}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Log Silentrunners:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Systweak Memory Optimizer” = “c:\program files\advanced system optimizer\memtuneup.exe” [file not found] “Steam” = “(empty string)” [file not found] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [“Google Inc.”] “updateMgr” = ““C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\Program Files\Neostrada TP\taskbaricon.exe” [“France Télécom R&D”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “PrinTray” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” [“Lexmark”] “InstantAccess” = “c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” [null data] “RegisterDropHandler” = “c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” [empty string] “Shellapi32” = “svcnet.exe” [file not found] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”] “PowerStrip” = “f:\program files\powerstrip\pstrip.exe” [“EnTech Taiwan”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “PestPatrol Control Center” = “c:\PROGRA~1\PESTPA~1\PPControl.exe” [“Computer Associates International”] “PPMemCheck” = “c:\PROGRA~1\PESTPA~1\PPMemCheck.exe” [null data] “CookiePatrol” = “c:\PROGRA~1\PESTPA~1\CookiePatrol.exe” [“Computer Associates International”] “kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{D0FAC080-AE1A-11ce-8016-CE90976DC901}” = “Picture Publisher File Viewer” -> {HKLM…CLSID} = “Picture Publisher File Viewer” \InProcServer32(Default) = “ppiv30.dll” [null data] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“pgdfgsvc C 1” [“Sysinternals - http://www.sysinternals.com”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\OBJECT~1.SCR” (Object Browser For Trainz ScreenSaver.scr) [“Axialis Software”] Startup items in “user” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=about:blank Missing lines (compared with English-language version): [strings]: 1 line HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 83 seconds. ---------- (total run time: 117 seconds)

Log Comboscan:

ComboScan v20070306.20 run by user on 2007-03-09 at 16:11:32 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable…success. – Last 1 Restore Point(s) – 1: 2007-03-09 15:11:36 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. – HijackThis (run as user.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 16:11:48, on 2007-03-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\user\Pulpit\pliki pobierane\comboscan.exe C:\PROGRA~1\HIJACK~1\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [shellapi32] svcnet.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe – HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups) -------------------- backup-20070309-152958-329 F2 - REG:system.ini: Shell=Explorer.exe backup-20070309-153259-260 O4 - HKCU…\Run: [system Restore] svcnet.exe backup-20070309-153259-328 O4 - HKCU…\Run: [shellapi32] svcnet.exe backup-20070309-153259-446 O4 - HKLM…\Run: [msconfig] C:\WINDOWS\scvhost.exe backup-20070309-153259-574 O4 - HKLM…\Run: [] C:\WINDOWS\scvhost.exe backup-20070309-153259-580 O4 - HKLM…\Run: [AntiVir] C:\WINDOWS\scvhost.exe backup-20070309-153259-588 O4 - HKCU…\Run: [i/O Controllers] svcnet.exe backup-20070309-153259-623 O4 - HKLM…\Run: [Windows Update] C:\WINDOWS\scvhost.exe backup-20070309-153259-713 O4 - HKLM…\Run: [icq lite] C:\WINDOWS\scvhost.exe backup-20070309-153259-809 O4 - HKLM…\Run: [system Restore] svcnet.exe backup-20070309-153259-847 O4 - HKLM…\Run: [i/O Controllers] svcnet.exe backup-20070309-153259-911 O4 - HKLM…\Run: [update Checker] C:\WINDOWS\scvhost.exe backup-20070309-155745-289 O17 - HKLM\System\CS1\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 backup-20070309-155745-510 O17 - HKLM\System\CCS\Services\Tcpip…{7DF355CB-0A12-443D-B09E-6906E13C2C01}: NameServer = 85.255.116.69,85.255.112.91 backup-20070309-155745-530 O17 - HKLM\System\CCS\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 backup-20070309-155745-561 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.91 backup-20070309-155745-747 O17 - HKLM\System\CS2\Services\Tcpip…{3B60FBB9-CC25-4974-AE6E-E9A22B6AC64D}: NameServer = 85.255.116.69,85.255.112.91 – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “C:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys 3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys 1R AmdK8 (Sterownik procesora AMD) - C:\WINDOWS\system32\drivers\AmdK8.sys 3S AtcL001 (NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter) - C:\WINDOWS\system32\drivers\atl01_xp.sys 2R atksgt - C:\WINDOWS\system32\drivers\atksgt.sys 3S cpuz - D:\Nowy folder\cpuz.sys (not found) 0S d347bus - C:\WINDOWS\system32\drivers\d347bus.sys 0S d347prt - C:\WINDOWS\system32\drivers\d347prt.sys 3S dtscsi - C:\WINDOWS\system32\Drivers\dtscsi.sys (not found) 3S dump_wmimmc - C:\WINDOWS\system32\drivers\dump_wmimmc.sys (not found) 3S ENTECH - C:\WINDOWS\system32\drivers\Entech.sys 3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys 3S HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys 3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2R ithsgt - C:\WINDOWS\system32\drivers\ithsgt.sys 1S kbdhid (Sterownik klawiatury HID) - C:\WINDOWS\system32\drivers\kbdhid.sys 0R kl1 - C:\WINDOWS\system32\drivers\kl1.sys 1R klif - C:\WINDOWS\system32\drivers\klif.sys 2R lilsgt - C:\WINDOWS\system32\drivers\lilsgt.sys 2R lirsgt - C:\WINDOWS\system32\drivers\lirsgt.sys 3S mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys 3R MTsensor (ATK0110 ACPI UTILITY) - C:\WINDOWS\system32\drivers\ASACPI.sys 0R mv614x - C:\WINDOWS\system32\drivers\mv614x.sys 1R NPPTNT2 - C:\WINDOWS\system32\npptNT2.sys 2R NTIOWP - C:\WINDOWS\system32\drivers\NTIOWP.SYS 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 2R PStrip - C:\WINDOWS\system32\drivers\pstrip.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3S RTCore - D:\Nowy folder\rmclock\RTCore.sys (not found) 3S rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys 0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys 0R sfdrv01a (StarForce Protection Environment Driver (version 1.x.a)) - C:\WINDOWS\system32\drivers\sfdrv01a.sys 0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys 0R sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - C:\WINDOWS\system32\drivers\sfsync03.sys 0R sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - C:\WINDOWS\system32\drivers\sfsync04.sys 0R sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfvfs02.sys 0R sptd - C:\WINDOWS\system32\drivers\sptd.sys 1R SSHDRV65 - C:\WINDOWS\system32\drivers\SSHDRV65.sys 1R SSHDRV85 - C:\WINDOWS\system32\drivers\SSHDRV85.sys 3R Tetris (Tetris driver) - C:\WINDOWS\system32\drivers\Tetris.sys 2S USB680x (Plustek USB Scanner) - C:\WINDOWS\system32\drivers\UScanner.SYS 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 3S vaxscsi - C:\WINDOWS\system32\Drivers\vaxscsi.sys (not found) 3R WmBEnum (Logitech Virtual Bus Enumerator Driver) - C:\WINDOWS\system32\drivers\WmBEnum.sys 3S WmFilter (Logitech WingMan HID Filter Driver) - C:\WINDOWS\system32\drivers\WmFilter.sys 3S WmVirHid (Logitech Virtual Hid Device Driver) - C:\WINDOWS\system32\drivers\WmVirHid.sys 3R WmXlCore (Logitech WingMan Translation Layer Driver) - C:\WINDOWS\system32\drivers\WmXlCore.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 2S AVP - “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r” 3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 3S gusvc (Google Updater Service) - “C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe” 3S IDriverT (InstallDriver Table Manager) - “C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe” 2R LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE 2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe 3S ose (Office Source Engine) - “C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE” 3S usprserv (User Privilege Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs – Scheduled Tasks ------------------------------------------------------------- 2007-03-09 15:02:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job – Files created between 2007-02-09 and 2007-03-09 ----------------------------- 2007-03-09 15:51:05 0 d-------- C:\fixwareout 2007-03-08 17:30:37 0 d-------- C:\WINDOWS\CSC 2007-03-08 17:21:13 0 d-------- C:!KillBox 2007-03-08 10:08:26 0 d-------- C:\Program Files\PestPatrol 2007-03-08 00:54:26 4482 --a------ C:\WINDOWS\system32\tmp.reg 2007-03-08 00:53:53 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-03-08 00:53:53 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-03-06 10:28:25 0 d-------- C:\Program Files\Elfin 2007-02-28 23:26:25 48928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys 2007-02-28 22:56:11 0 d-------- C:\Program Files\cFosSpeed 2007-02-25 21:52:23 0 d-------- C:\Program Files\DAEMON Tools 2007-02-23 22:36:41 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-02-23 22:36:41 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-02-23 22:36:41 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-02-23 22:36:41 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-02-23 22:36:40 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-02-23 22:36:40 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-02-22 23:16:01 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-02-22 23:16:01 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-02-22 18:21:18 0 d–h----- C:\WINDOWS\PIF 2007-02-21 18:18:55 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-02-21 18:18:55 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-02-20 08:38:10 0 d-------- C:\Program Files\Azureus 2007-02-18 22:04:28 0 d-------- C:\VideoConverterOutput 2007-02-18 22:04:13 0 d-------- C:\Program Files\Ultra Video Converter 2007-02-18 17:03:25 0 d-------- C:\Program Files\Real Alternative 2007-02-18 17:03:25 0 d-------- C:\Program Files\Media Player Classic 2007-02-17 02:09:04 0 d-------- C:\Program Files\Apple Software Update 2007-02-11 19:52:28 0 d-------- C:\Program Files\VUPlayer 2007-02-10 19:52:02 1198557 --a------ C:\WINDOWS\system32\Object Browser For Trainz ScreenSaver.scr 2007-02-10 17:27:34 0 d-------- C:\WINDOWS\msview – Find3M Report --------------------------------------------------------------- 2007-03-09 16:11:32 0 d-------- C:\Program Files\Neostrada TP 2007-03-09 16:07:51 0 d-------- C:\Program Files\Mozilla Firefox 2007-03-09 16:04:00 459378 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-09 16:04:00 80080 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-08 18:14:08 0 d-------- C:\Program Files\Kaspersky Lab 2007-03-08 18:12:24 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-03-08 00:13:51 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Azureus 2007-02-28 22:48:56 1662 --a------ C:\WINDOWS\unins000.dat 2007-02-27 17:01:34 0 d-------- C:\Program Files\Java 2007-02-18 17:04:35 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Media Player Classic 2007-02-18 13:18:35 0 d-------- C:\Program Files\ABBYY FineReader 6.0 2007-02-17 02:10:15 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Apple Computer 2007-02-16 13:47:29 0 d-------- C:\Documents and Settings\user\Dane aplikacji\THQ 2007-02-15 23:17:59 0 d-------- C:\Documents and Settings\user\Dane aplikacji\BitTorrent 2007-02-13 08:09:52 0 d-------- C:\Documents and Settings\user\Dane aplikacji\AdobeUM 2007-02-11 21:42:28 0 d-------- C:\Program Files\Tlen.pl 2007-02-11 19:55:48 0 d-------- C:\Documents and Settings\user\Dane aplikacji\VUPlayer 2007-02-10 12:01:24 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-02-09 17:41:30 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie 2007-02-08 22:14:42 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Adobe 2007-02-07 20:27:07 0 d-------- C:\Documents and Settings\user\Dane aplikacji.ICSharpCode 2007-02-04 12:50:22 0 d-------- C:\Program Files\Google 2007-02-03 12:18:26 0 d-------- C:\Program Files\PlayLinc 2007-02-03 12:16:02 0 d-------- C:\Program Files\Common Files\Adobe 2007-01-29 18:43:50 287 --a------ C:\WINDOWS\EReg072.dat 2007-01-29 13:22:10 4608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-01-29 13:22:10 2272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-01-27 23:47:09 0 d-------- C:\Program Files\Common Files\EasyInfo 2007-01-26 15:09:30 0 d-------- C:\Program Files\Realtek 2007-01-25 10:41:45 1064 --a----c- C:\WINDOWS\eReg.dat 2007-01-19 19:21:20 0 d—s---- C:\Documents and Settings\user\Dane aplikacji\Microsoft 2007-01-09 10:33:48 243349 --a------ C:\Program Files\DeIsL1.isu 2007-01-09 10:33:31 0 d-------- C:\Program Files\TBridge 2007-01-09 10:33:31 0 d-------- C:\Program Files\Common Files\Xerox Shared 2007-01-09 10:33:19 0 d-------- C:\Program Files\Micrografx 2007-01-09 10:33:19 0 d-------- C:\Program Files\GUIDE 2007-01-09 10:33:18 0 d-------- C:\Program Files\UNINSTAL 2007-01-09 09:58:50 0 d-------- C:\Program Files\GoD 2007-01-09 09:41:50 0 d-------- C:\Documents and Settings\user\Dane aplikacji\ABBYY 2006-12-31 12:40:49 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Systweak Memory Optimizer”=“c:\program files\advanced system optimizer\memtuneup.exe” “Steam”="" “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” “updateMgr”="“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\Program Files\Neostrada TP\taskbaricon.exe” “AGEIA PhysX SysTray”=“C:\Program Files\AGEIA Technologies\TrayIcon.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” “InstantAccess”=“c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” “Shellapi32”=“svcnet.exe” “RTHDCPL”=“RTHDCPL.EXE” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “PowerStrip”=“f:\program files\powerstrip\pstrip.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" “PestPatrol Control Center”=“c:\PROGRA~1\PESTPA~1\PPControl.exe” “PPMemCheck”=“c:\PROGRA~1\PESTPA~1\PPMemCheck.exe” “CookiePatrol”=“c:\PROGRA~1\PESTPA~1\CookiePatrol.exe” “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk” “backup”=“C:\WINDOWS\pss\Action Manager 32.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\ScannerU\AM32.exe " “item”=“Action Manager 32” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-03-09 at 16:12:11 ------------------------ I Fixwareout: Fixwareout Last edited 2/11/2007 Post this report in the forums please … »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE~\Winlogon\ “System”=”” … … »»»»» Misc files. … »»»»» Checking for older varients. … Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL’S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\Program Files\Neostrada TP\taskbaricon.exe” “AGEIA PhysX SysTray”=“C:\Program Files\AGEIA Technologies\TrayIcon.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” “InstantAccess”=“c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” “Shellapi32”=“svcnet.exe” “RTHDCPL”=“RTHDCPL.EXE” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “PowerStrip”=“f:\program files\powerstrip\pstrip.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" “PestPatrol Control Center”=“c:\PROGRA~1\PESTPA~1\PPControl.exe” “PPMemCheck”=“c:\PROGRA~1\PESTPA~1\PPMemCheck.exe” “CookiePatrol”=“c:\PROGRA~1\PESTPA~1\CookiePatrol.exe” “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Systweak Memory Optimizer”=“c:\program files\advanced system optimizer\memtuneup.exe” “Steam”="" “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” “updateMgr”="“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1" … Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» Tak w ogóle mam pytanie: Czy cały ten syf jest wynikiem używania programów P2P.

Aqui · 11 Marzec 2007 13:49

Sciagnij Killbox

zaznacz opcje delete on reboot i w polu full patch of file to delete wklej

C:\WINDOWS\System32\svcnet.exe

Klikasz X reset kompa.

W Hijackthis sfixuj ten wpis

Daj nowe logi Comboscan i Silentrunners.

adlerxx · 11 Marzec 2007 19:51

W Killboksie po wklejeniu tego pliku i naciśnięciu X pojawia się komunikat “This file does not seem to exist”, więc już go chyba nie ma.

Log Comboscan:

ComboScan v20070306.20 run by user on 2007-03-11 at 20:45:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as user.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 20:45:43, on 2007-03-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\user\Pulpit\pliki pobierane\comboscan.exe C:\PROGRA~1\HIJACK~1\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O17 - HKLM\System\CCS\Services\Tcpip…{C0958865-FBF1-4D64-A379-46AE8E74F458}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe – Files created between 2007-02-11 and 2007-03-11 ----------------------------- 2007-03-09 15:51:05 0 d-------- C:\fixwareout 2007-03-08 17:30:37 0 d-------- C:\WINDOWS\CSC 2007-03-08 17:21:13 0 d-------- C:!KillBox 2007-03-08 10:08:26 0 d-------- C:\Program Files\PestPatrol 2007-03-08 00:54:26 4482 --a------ C:\WINDOWS\system32\tmp.reg 2007-03-08 00:53:53 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-03-08 00:53:53 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-03-06 10:28:25 0 d-------- C:\Program Files\Elfin 2007-02-28 23:26:25 48928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys 2007-02-28 22:56:11 0 d-------- C:\Program Files\cFosSpeed 2007-02-25 21:52:23 0 d-------- C:\Program Files\DAEMON Tools 2007-02-23 22:36:41 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-02-23 22:36:41 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-02-23 22:36:41 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-02-23 22:36:41 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-02-23 22:36:40 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-02-23 22:36:40 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-02-22 23:16:01 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-02-22 23:16:01 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-02-22 18:21:18 0 d–h----- C:\WINDOWS\PIF 2007-02-21 18:18:55 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-02-21 18:18:55 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-02-20 08:38:10 0 d-------- C:\Program Files\Azureus 2007-02-18 22:04:28 0 d-------- C:\VideoConverterOutput 2007-02-18 22:04:13 0 d-------- C:\Program Files\Ultra Video Converter 2007-02-18 17:03:25 0 d-------- C:\Program Files\Real Alternative 2007-02-18 17:03:25 0 d-------- C:\Program Files\Media Player Classic 2007-02-17 02:09:04 0 d-------- C:\Program Files\Apple Software Update 2007-02-11 19:52:28 0 d-------- C:\Program Files\VUPlayer – Find3M Report --------------------------------------------------------------- 2007-03-11 20:32:29 0 d-------- C:\Program Files\Mozilla Firefox 2007-03-11 19:09:46 459378 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-11 19:09:46 80080 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-11 19:06:05 0 d-------- C:\Program Files\Neostrada TP 2007-03-10 18:19:20 0 d-------- C:\Documents and Settings\user\Dane aplikacji\THQ 2007-03-10 00:40:02 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Azureus 2007-03-08 18:14:08 0 d-------- C:\Program Files\Kaspersky Lab 2007-03-08 18:12:24 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-28 22:48:56 1662 --a------ C:\WINDOWS\unins000.dat 2007-02-27 17:01:34 0 d-------- C:\Program Files\Java 2007-02-18 17:04:35 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Media Player Classic 2007-02-18 13:18:35 0 d-------- C:\Program Files\ABBYY FineReader 6.0 2007-02-17 02:10:15 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Apple Computer 2007-02-15 23:17:59 0 d-------- C:\Documents and Settings\user\Dane aplikacji\BitTorrent 2007-02-13 08:09:52 0 d-------- C:\Documents and Settings\user\Dane aplikacji\AdobeUM 2007-02-11 21:42:28 0 d-------- C:\Program Files\Tlen.pl 2007-02-11 19:55:48 0 d-------- C:\Documents and Settings\user\Dane aplikacji\VUPlayer 2007-02-10 19:52:02 1198557 --a------ C:\WINDOWS\system32\Object Browser For Trainz ScreenSaver.scr 2007-02-10 12:01:24 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-02-09 17:41:30 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie 2007-02-08 22:14:42 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Adobe 2007-02-07 20:27:07 0 d-------- C:\Documents and Settings\user\Dane aplikacji.ICSharpCode 2007-02-04 12:50:22 0 d-------- C:\Program Files\Google 2007-02-03 12:18:26 0 d-------- C:\Program Files\PlayLinc 2007-02-03 12:16:02 0 d-------- C:\Program Files\Common Files\Adobe 2007-01-29 18:43:50 287 --a------ C:\WINDOWS\EReg072.dat 2007-01-29 13:22:10 4608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-01-29 13:22:10 2272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-01-27 23:47:09 0 d-------- C:\Program Files\Common Files\EasyInfo 2007-01-26 15:09:30 0 d-------- C:\Program Files\Realtek 2007-01-25 10:41:45 1064 --a----c- C:\WINDOWS\eReg.dat 2007-01-19 19:21:20 0 d—s---- C:\Documents and Settings\user\Dane aplikacji\Microsoft 2007-01-09 10:33:48 243349 --a------ C:\Program Files\DeIsL1.isu 2006-12-31 12:40:49 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Systweak Memory Optimizer”=“c:\program files\advanced system optimizer\memtuneup.exe” “Steam”="" “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” “updateMgr”="“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\Program Files\Neostrada TP\taskbaricon.exe” “AGEIA PhysX SysTray”=“C:\Program Files\AGEIA Technologies\TrayIcon.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” “InstantAccess”=“c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” “RTHDCPL”=“RTHDCPL.EXE” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “PowerStrip”=“f:\program files\powerstrip\pstrip.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" “PestPatrol Control Center”=“c:\PROGRA~1\PESTPA~1\PPControl.exe” “PPMemCheck”=“c:\PROGRA~1\PESTPA~1\PPMemCheck.exe” “CookiePatrol”=“c:\PROGRA~1\PESTPA~1\CookiePatrol.exe” “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk” “backup”=“C:\WINDOWS\pss\Action Manager 32.lnkCommon Startup” “location”=“Common Startup” “command”="C:\PROGRA~1\ScannerU\AM32.exe " “item”=“Action Manager 32” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”="C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{b16b6842-3771-11db-8827-806d6172696f}] Shell\AutoRun\command E:\CojLauncher.exe – End of ComboScan: finished at 2007-03-11 at 20:46:04 ------------------------ Log Silentrunners: “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Systweak Memory Optimizer” = “c:\program files\advanced system optimizer\memtuneup.exe” [file not found] “Steam” = “(empty string)” [file not found] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [“Google Inc.”] “updateMgr” = ““C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom RD”] “WOOTASKBARICON” = “C:\Program Files\Neostrada TP\taskbaricon.exe” [“France Télécom RD”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “PrinTray” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” [“Lexmark”] “InstantAccess” = “c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” [null data] “RegisterDropHandler” = “c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” [empty string] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”] “PowerStrip” = “f:\program files\powerstrip\pstrip.exe” [“EnTech Taiwan”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “PestPatrol Control Center” = “c:\PROGRA~1\PESTPA~1\PPControl.exe” [“Computer Associates International”] “PPMemCheck” = “c:\PROGRA~1\PESTPA~1\PPMemCheck.exe” [null data] “CookiePatrol” = “c:\PROGRA~1\PESTPA~1\CookiePatrol.exe” [“Computer Associates International”] “kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) - {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) - {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) - {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” - {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” - {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{D0FAC080-AE1A-11ce-8016-CE90976DC901}” = “Picture Publisher File Viewer” - {HKLM…CLSID} = “Picture Publisher File Viewer” \InProcServer32(Default) = “ppiv30.dll” [null data] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” - {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” - {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” - {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” - {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] HKLM\System\CurrentControlSet\Control\Session Manager\ “BootExecute” = “autocheck autochk *”|“pgdfgsvc C 1” [“Sysinternals - http://www.sysinternals.com”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\PROTOCOLS\Filter\ text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” - {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\OBJECT~1.SCR” (Object Browser For Trainz ScreenSaver.scr) [“Axialis Software”] Startup items in “user” “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” - shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” - launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) - {HKLM…CLSID} = “Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” - {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] - {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=about:blank Missing lines (compared with English-language version): [strings]: 1 line HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) - {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- : Suspicious data at a malware launch point. : Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 94 seconds. ---------- (total run time: 129 seconds)

Gutek · 12 Marzec 2007 23:59

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177 albo jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509