Please check the log on the second system


(Arturos167) #1
Logfile of HijackThis v1.99.1

Scan saved at 19:15:10, on 2005-11-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\ArcaVir\Bin\NetMonSv.exe

E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

E:\Program Files\ArcaVir\Bin\ABmenu.exe

E:\Program Files\ArcaVir\Bin\ABregmon.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Messenger\MSMSGS.EXE

E:\Program Files\Gadu-Gadu\gg.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Tlen.pl\tlen.exe

E:\WINDOWS\System32\rundll32.exe

E:\WINDOWS\system32\RaConfig.exe

E:\Program Files\ArcaVir\Bin\arcascan.exe

E:\WINDOWS\System32\wuauclt.exe

C:\totalcmd\TOTALCMD.EXE

E:\Program Files\Internet Explorer\iexplore.exe

E:\DOCUME~1\Biuro\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Outpost Firewall] E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice

O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [PcDC] E:\WINDOWS\csggqvq.exe

O4 - HKLM\..\Run: [ABmenu] E:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] E:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RaConfig.lnk = E:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117511171042

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90DD1F-E805-49DA-844E-E4D21E1470E5}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - E:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - E:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - E:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - E:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

====================================

Note: when you paste a log, wrap it in a CODE or QUOTE tag.

I suggest reading THIS topic and seeing what users who paste logs are asked to do.

Regards, kuz5


(Gutek) #2
  1. Disable System Restore in XP HERE

  2. Boot into safe mode without internet (described in the link above).

  3. Tick the indicated entries in HijackThis and click Fix checked. The entries will be removed.

  4. Delete from the disk the files and folders I underlined in red

  5. Finish with online scanners - Scanners to choose from

  6. Post a new log :stuck_out_tongue:

Use FxIstbar.exe.
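To make the procedure above concrete for a reviewer, here is an added Python example (it is not part of the thread and not part of HijackThis or any tool named here): it parses the Rx/Fx/Oxx entry lines of a HijackThis log, diffs the first and second log posted in this thread to show exactly which entries the cleanup removed, and flags entry types that deserve a manual look (the O20 Winlogon Notify DLL and the BHO loaded from a .tmp file that appear in post #8 are included). The embedded log excerpts are constructed from the logs posted in this thread; the trusted-host allowlist and the flagging rules are assumptions made for the example, not rules from HijackThis.

```python
"""HijackThis (HJT) log triage helper, added for this thread as an illustration.
Not part of HijackThis. Parses Rx/Fx/Oxx entry lines, diffs two scans so the
reviewer sees what a cleanup removed, and flags entry types that deserve a
manual look. Allowlist and flagging rules are constructed heuristics."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll|ocx|tmp)(?=[\s",]|$)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Hosts serving the ActiveX (O16) controls the user installed on purpose, taken
# from the logs in this thread. Constructed allowlist for the example only.
TRUSTED_DPF_HOSTS = {"v5.windowsupdate.microsoft.com", "skaner.mks.com.pl", "arcaonline.arcabit.com"}

@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4", "O16", "O20"
    body: str     # everything after "O4 - "

    def __str__(self):
        return f"{self.section} - {self.body}"

def parse_log(text):
    """Return the entry lines of an HJT log in file order; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries

def diff_logs(before, after):
    """Entries present in `before` but missing from `after`, and the reverse, in log order."""
    b, a = parse_log(before), parse_log(after)
    b_set, a_set = set(b), set(a)
    removed = [e for e in b if e not in a_set]
    added = [e for e in a if e not in b_set]
    return removed, added

def flag_entry(e):
    """Return a review reason for entry types worth a second look, else None."""
    if e.section == "O20" and "Winlogon Notify" in e.body:
        return "Winlogon Notify DLL: loaded into winlogon.exe at logon, rarely legitimate third-party software"
    if e.section == "O2" and e.body.lower().endswith(".tmp"):
        return "browser helper object loaded from a .tmp file"
    if e.section == "O16":
        m = URL_RE.search(e.body)
        host = urlparse(m.group(0)).hostname if m else None
        if host not in TRUSTED_DPF_HOSTS:
            return f"ActiveX control downloaded from a host not on the allowlist: {host}"
    if e.section == "O4":
        m = PATH_RE.search(e.body)
        parts = m.group(0).split("\\") if m else []
        if len(parts) == 3 and parts[1].upper() == "WINDOWS":  # directly in E:\WINDOWS\, not a subfolder
            return f"autorun executable placed directly in the Windows directory: {m.group(0)}"
    return None

def triage(text):
    """List of (entry, reason) for every flagged entry in the log."""
    flagged = []
    for e in parse_log(text):
        reason = flag_entry(e)
        if reason:
            flagged.append((e, reason))
    return flagged

# Constructed excerpts of the first (post #1) and second (post #3) logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\smss.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [PcDC] E:\WINDOWS\csggqvq.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
"""
# Constructed excerpt of the log from post #8 (the reinfected C: system).
LOG_REINFECTED = r"""
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hp5A83.tmp
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by the cleanup:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    for log in (LOG_BEFORE, LOG_REINFECTED):
        for e, reason in triage(log):
            print(f"REVIEW {e}\n       {reason}")
```

The diff is the useful part when a user posts a "new log" after a cleanup: it shows at a glance which autorun and DPF entries are gone and whether anything new appeared, which is what a helper checks before declaring the log clean. The flag rules are deliberately narrow (an O20 hook, a BHO in a .tmp file, an ActiveX control from an unlisted host, an autorun binary dropped straight into the Windows directory) so that they point at entries to research rather than pretending to classify them.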


(Arturos167) #3
Logfile of HijackThis v1.99.1

Scan saved at 22:01:18, on 2005-11-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\ArcaVir\Bin\NetMonSv.exe

E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

E:\Program Files\ArcaVir\Bin\ABmenu.exe

E:\Program Files\ArcaVir\Bin\ABregmon.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Messenger\MSMSGS.EXE

E:\Program Files\Gadu-Gadu\gg.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Tlen.pl\tlen.exe

E:\WINDOWS\System32\rundll32.exe

C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

E:\WINDOWS\system32\RaConfig.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

E:\WINDOWS\System32\wuauclt.exe

E:\WINDOWS\System32\wuauclt.exe

C:\totalcmd\TOTALCMD.EXE

E:\Program Files\Internet Explorer\iexplore.exe

E:\DOCUME~1\Biuro\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ABmenu] E:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] E:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RaConfig.lnk = E:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117511171042

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90DD1F-E805-49DA-844E-E4D21E1470E5}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - E:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - E:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - E:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - E:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

(Gutek) #4

Clean; unnecessary entries:

Start >>> Run >>> msconfig >>> in the Startup tab, disable these entries.

XP-Antispy: uninstall Messenger, tick the option in the settings.

Start >>> Programs >>> Startup >>> delete with a right-click.


(Arturos167) #5
Logfile of HijackThis v1.99.1

Scan saved at 23:23:48, on 2005-11-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\ArcaVir\Bin\NetMonSv.exe

E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

E:\Program Files\ArcaVir\Bin\ABmenu.exe

E:\Program Files\ArcaVir\Bin\ABregmon.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Gadu-Gadu\gg.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Tlen.pl\tlen.exe

E:\WINDOWS\System32\rundll32.exe

C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

E:\WINDOWS\system32\RaConfig.exe

E:\WINDOWS\System32\wuauclt.exe

C:\totalcmd\TOTALCMD.EXE

E:\Program Files\ArcaVir\Bin\avmonsv.exe

E:\Program Files\ArcaVir\Bin\arcascan.exe

E:\DOCUME~1\Biuro\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] E:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] E:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RaConfig.lnk = E:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117511171042

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90DD1F-E805-49DA-844E-E4D21E1470E5}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - E:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - E:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - E:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - E:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

(Gutek) #6

That was cosmetic, you didn't have to post a log, it's already OK :wink:

Don't be afraid: Start >>> Programs >>> Startup >>> delete with a right-click.


(Kuz5) #7

You can also cut this for cosmetic reasons:


(Arturos167) #8
I have a problem again. I wanted to check whether my protection was good; unfortunately it turned out it isn't, and I have junk again. I can't deal with it. I have the ARCAVIR2005 antivirus program with a firewall; maybe some updates are missing, I don't know.

Logfile of HijackThis v1.99.1

Scan saved at 15:40:43, on 2005-11-22

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ArcaVir\Bin\NetMonSv.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvctrl.exe

C:\WINDOWS\System32\mssearchnet.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\RaConfig.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\imapi.exe

C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hp5A83.tmp

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117503097285

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Post merged: 22.11.2005 (Tue) 15:49

Oh, I don't know whether that code tag got added or not. I tried in safe mode to remove O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

No luck.

Post merged: 22.11.2005 (Tue) 16:43

Asking for help once again.

(Gutek) #9

See: Removing updatescenter.com / security2k.net / syserrors.com and TROJAN STYDLER


(Arturos167) #10
I don't know, I'm probably poorly protected. To check, I went to sites that have trojans, viruses etc., and no luck. Maybe some updates or a better antivirus program; I have AntyVir2005 with a firewall. Please give me some advice. Thanks in advance to Gutek2222.

Logfile of HijackThis v1.99.1

Scan saved at 00:21:13, on 2005-11-23

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ArcaVir\Bin\NetMonSv.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

C:\WINDOWS\system32\RaConfig.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\WINDOWS\System32\wuauclt.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ArcaVir\Bin\avmonsv.exe

C:\Program Files\ArcaVir\Bin\arcascan.exe

C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117503097285

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Post merged: 23.11.2005 (Wed) 0:24


(Gutek) #11

Already OK, see HERE


(Arturos167) #12
On the second system I don't like how it's behaving: I can't receive mail, and I can't get to the internet through IE, it won't open.

Earlier I couldn't download the antivirus program update, but today it somehow worked. Strange thing.

Logfile of HijackThis v1.99.1

Scan saved at 23:08:01, on 2005-11-23

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

E:\Program Files\ArcaVir\Bin\ABmenu.exe

E:\Program Files\ArcaVir\Bin\ABregmon.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Gadu-Gadu\gg.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

E:\WINDOWS\system32\RaConfig.exe

E:\WINDOWS\System32\rundll32.exe

E:\WINDOWS\System32\wuauclt.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\totalcmd\TOTALCMD.EXE

E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe

E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe

E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe

E:\Program Files\ArcaVir\Bin\avmonsv.exe

E:\Program Files\ArcaVir\Bin\arcascan.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\ArcaVir\Bin\NetMonSv.exe

E:\DOCUME~1\Biuro\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] E:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] E:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: RaConfig.lnk = E:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117511171042

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90DD1F-E805-49DA-844E-E4D21E1470E5}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - E:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - E:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - E:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - E:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

(Gutek) #13

It's OK, maybe it was something with the network?


(Arturos167) #14
I don't know how to deal with this anymore. On one system the computer shuts itself down and then some blue screen appears; on the other system a "computer infected" message pops up, ArcaVir 2005 only tells me after the fact, and I can't deal with the BHO file HP5062 EVEN IN SAFE MODE AFTER DISABLING SYSTEM RESTORE. MAYBE I SHOULD INSTALL THAT SERVICE PACK 2.

Logfile of HijackThis v1.99.1

Scan saved at 00:34:27, on 2005-11-25

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ArcaVir\Bin\NetMonSv.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\nvctrl.exe

C:\WINDOWS\System32\mssearchnet.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

C:\WINDOWS\system32\RaConfig.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\totalcmd\TOTALCMD.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ArcaVir\Bin\avmonsv.exe

C:\Program Files\ArcaVir\Bin\arcascan.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hp5062.tmp

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117503097285

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

(Gutek) #15

And what STOP error appears on the blue screen?

The files have shown up again; post a Silent Runners log.


(Arturos167) #16

THAT OTHER SYSTEM IS WRECKED. I LOG IN AND SOME OF THE PROGRAMS AREN'T THERE AT ALL. WHEN I WAS LOGGING IN, WINDOWS WAS NOTIFYING ME ABOUT SOMETHING TO DO WITH SECURITY. HERE IS A NEW LOG FROM THE NEXT SYSTEM

Logfile of HijackThis v1.99.1

Scan saved at 12:05:26, on 2005-11-25

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\ArcaVir\Bin\NetMonSv.exe

E:\Program Files\ArcaVir\Bin\avmonsv.exe

E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

E:\Program Files\ArcaVir\Bin\ABmenu.exe

E:\Program Files\ArcaVir\Bin\ABregmon.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Gadu-Gadu\gg.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Tlen.pl\tlen.exe

E:\WINDOWS\System32\rundll32.exe

E:\WINDOWS\system32\RaConfig.exe

E:\Program Files\ArcaVir\Bin\arcascan.exe

C:\totalcmd\TOTALCMD.EXE

E:\WINDOWS\System32\wuauclt.exe

E:\WINDOWS\System32\wuauclt.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\DOCUME~1\Biuro\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] E:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] E:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: RaConfig.lnk = E:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117511171042

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B90DD1F-E805-49DA-844E-E4D21E1470E5}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - E:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - E:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - E:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - E:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

SILENT RUNNERS LOG

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"Skype" = ""E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Komunikator" = "E:\Program Files\Tlen.pl\tlen.exe" [null data]

"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]

"MarBitTorrent" = "C:\Program Files\MarBit\MBTorrent\MBTorrent.exe" ["MarBit"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CloneCDElbyCDFL" = ""E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL" ["Elaborate Bytes AG"]

"CloneCDTray" = ""E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"" ["Elaborate Bytes AG"]

"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"HPDJ Taskbar Utility" = "E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]

"ABmenu" = "E:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"]

"ABREGMON" = "E:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]


HKLM\Software\Microsoft\Active Setup\Installed Components\

{5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7"

                                       \StubPath = "rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.Remove.PerUser" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:

-----------------------------


Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "E:\WINDOWS\web\wallpaper\Idylla.bmp"


Active Desktop web content:


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"FriendlyName" = ""

"Source" = "http://www.musiq.pl/images/6/Grant_Green_Carryin__On.jpg"

"SubscribedURL" = "http://www.musiq.pl/images/6/Grant_Green_Carryin__On.jpg"


Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Biuro" & "All Users" startup folders:

-------------------------------------------------------


E:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"RaConfig" -> shortcut to: "E:\WINDOWS\system32\RaConfig.exe" ["Ralink Technology, Corp."]


Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]


Extensions (Tools menu items, main toolbar menu buttons)


HKCU\Software\Microsoft\Internet Explorer\Extensions\

{072F3B8A-2DA2-40E2-B841-88899F240200}\

"ButtonText" = "Trashcan"

"MenuText" = "Show Trashcan"

"Exec" = "E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE" ["Agnitum Ltd."]


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "E:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]


Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


ArcaBit NetMonitor, ABNetMon, "E:\Program Files\ArcaVir\Bin\NetMonSv.exe" ["ArcaBit sp. z o.o."]

ArcaScan, ArcaScan, "E:\Program Files\ArcaVir\Bin\arcascan.exe" ["ArcaBit"]

ArcaVir Monitor, ArcaMonSvc, "E:\Program Files\ArcaVir\Bin\avmonsv.exe" ["ArcaBit"]

MSSQLSERVER, MSSQLSERVER, "E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER" [MS]

NVIDIA Driver Helper Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Outpost Firewall Service, OutpostFirewall, "E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /service" ["Agnitum"]


Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 41 seconds, including 5 seconds for message boxes)


(Gutek) #17

It's OK :slight_smile:

What do you mean the second system is wrecked? What happened, can you describe it?


(Arturos167) #18
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"Skype" = ""E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Komunikator" = "E:\Program Files\Tlen.pl\tlen.exe" [null data]

"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]

"MarBitTorrent" = "C:\Program Files\MarBit\MBTorrent\MBTorrent.exe" ["MarBit"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CloneCDElbyCDFL" = ""E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL" ["Elaborate Bytes AG"]

"CloneCDTray" = ""E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"" ["Elaborate Bytes AG"]

"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"HPDJ Taskbar Utility" = "E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]

"ABmenu" = "E:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"]

"ABREGMON" = "E:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]


HKLM\Software\Microsoft\Active Setup\Installed Components\

{5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7"

                                       \StubPath = "rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.Remove.PerUser" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "E:\WINDOWS\web\wallpaper\Idylla.bmp"


Active Desktop web content:


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"FriendlyName" = ""

"Source" = "http://www.musiq.pl/images/6/Grant_Green_Carryin__On.jpg"

"SubscribedURL" = "http://www.musiq.pl/images/6/Grant_Green_Carryin__On.jpg"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Biuro" & "All Users" startup folders:

-------------------------------------------------------


E:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"RaConfig" -> shortcut to: "E:\WINDOWS\system32\RaConfig.exe" ["Ralink Technology, Corp."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{01E69986-A054-4C52-ABE8-EF63DF1C5211}" = "Cram Toolbar" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Cram Toolbar\untitled1.dll" ["IE Toolbar"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]


Extensions (Tools menu items, main toolbar menu buttons)


HKCU\Software\Microsoft\Internet Explorer\Extensions\

{072F3B8A-2DA2-40E2-B841-88899F240200}\

"ButtonText" = "Trashcan"

"MenuText" = "Show Trashcan"

"Exec" = "E:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE" ["Agnitum Ltd."]


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "E:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\


Missing lines (compared with English-language version):

"{01E69986-A054-4C52-ABE8-EF63DF1C5211}" = "Cram Toolbar" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Cram Toolbar\untitled1.dll" ["IE Toolbar"]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


ArcaBit NetMonitor, ABNetMon, "E:\Program Files\ArcaVir\Bin\NetMonSv.exe" ["ArcaBit sp. z o.o."]

ArcaScan, ArcaScan, "E:\Program Files\ArcaVir\Bin\arcascan.exe" ["ArcaBit"]

ArcaVir Monitor, ArcaMonSvc, "E:\Program Files\ArcaVir\Bin\avmonsv.exe" ["ArcaBit"]

MSSQLSERVER, MSSQLSERVER, "E:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER" [MS]

NVIDIA Driver Helper Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Outpost Firewall Service, OutpostFirewall, "E:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /service" ["Agnitum"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 32 seconds, including 2 seconds for message boxes)

Post merged: 25.11.2005 (Fri) 21:03

Some of the programs disappeared from the desktop and won't work, IE won't start; only when I open Internet Options do I see a little square instead of the Google start page.


(Gutek) #19

What problem do you have on this system? I've lost track.


(Arturos167) #20
Logfile of HijackThis v1.99.1

Scan saved at 22:22:48, on 2005-11-25

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ArcaVir\Bin\NetMonSv.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

C:\WINDOWS\system32\RaConfig.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\MarBit\MBTorrent\MBClient.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MarBitTorrent] C:\Program Files\MarBit\MBTorrent\MBTorrent.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117503097285

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip\..\{485E5BF4-69B6-4A8F-8B6C-E0AAA33FF8B3}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Silent Runners log

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" [file not found]

"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]

"MarBitTorrent" = "C:\Program Files\MarBit\MBTorrent\MBTorrent.exe" ["MarBit"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"wininet.dll" = "mscornet.exe" [null data]

"nvctrl.exe" = "nvctrl.exe" [file not found]

"kernel32.dll" = "C:\WINDOWS\System32\mssearchnet.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]

"ABmenu" = "C:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"]

"ABREGMON" = "C:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" [file not found]

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" [file not found]


HKLM\Software\Microsoft\Active Setup\Installed Components\

{5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7"

                                       \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Remove.PerUser" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}" = "st3"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\st3.dll" [file not found]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Agnieszka\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Agnieszka" & "All Users" startup folders:

-----------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"RaConfig" -> shortcut to: "C:\WINDOWS\system32\RaConfig.exe" ["Ralink Technology, Corp."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{01E69986-A054-4C52-ABE8-EF63DF1C5211}" = "Cram Toolbar" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cram Toolbar\untitled1.dll" [file not found]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


ArcaBit NetMonitor, ABNetMon, "C:\Program Files\ArcaVir\Bin\NetMonSv.exe" ["ArcaBit sp. z o.o."]

MSSQLSERVER, MSSQLSERVER, "C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER" [MS]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 27 seconds, including 2 seconds for message boxes)

I was talking about this system; now I logged in again and everything is back in its place. I don't understand it, strange things are happening on both systems, the clock is reset and the date too. And it keeps getting infected.


Merged post: 25.11.2005 (Fri) 22:28
