Proszę o sprawdzenie loga (Silent Runners, Windows XP SP2 — log poniżej jest w trybie domyślnym, tylko wpisy niestandardowe).


(Ninia27) #1
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AntiSpyware7" = ""C:\Programmer\Steganos AntiSpyware 7\aspy7.exe" /0" ["Steganos GmbH"]

"Gadu-Gadu" = ""C:\Programmer\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ISUSScheduler" = ""C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]

"Openwares LiveUpdate" = "C:\Program Files\LiveUpdate\LiveUpdate.exe" ["Openwares"]

"APVXDWIN" = ""C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s" ["Panda Software International"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "Adobe PDF Reader Link Helper" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar2.dll" ["Google Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Microsoft Office\Office10\msohev.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Logitech-billeder"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Logitech\Video\Namespc2.dll" ["Logitech Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\K-Lite Codec Pack\Media Player Classic\rpshell.dll" ["RealNetworks, Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{0572F6AE-950B-4ae1-80F4-9065417ABB21}" = "ContextMenuExt Extension"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B6F322A8-7E5F-483B-84AA-D2E30A6785C6}" = "Steganos AntiSpyware 7 Context Menu Integration"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\STEGAN~1\SSCtxMnu.dll" ["Steganos GmbH"]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\a-squared\a2contmenu.dll" [null data]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "SimpleShlExt extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Spik\shellext_wpmsg.dll" [empty string]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL" ["Panda Software International"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! avldr\DLLName = "avldr.dll" ["Panda Software"]

INFECTION WARNING! RegCompact\DLLName = "RegCompact.dll" ["AMUST Software"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Arcsoft\(Default) = "{0572F6AE-950B-4ae1-80F4-9065417ABB21}"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL" ["Panda Software International"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]

WPKontakt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Spik\shellext_wpmsg.dll" [empty string]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

Arcsoft\(Default) = "{0572F6AE-950B-4ae1-80F4-9065417ABB21}"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\a-squared\a2contmenu.dll" [null data]

AntiSpyware7\(Default) = "{B6F322A8-7E5F-483B-84AA-D2E30A6785C6}"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\STEGAN~1\SSCtxMnu.dll" ["Steganos GmbH"]

Arcsoft\(Default) = "{0572F6AE-950B-4ae1-80F4-9065417ABB21}"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL" ["Panda Software International"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Tommy\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]



Startup items in "Tommy" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\All Users\Menuen Start\Programmer\Start

"Adobe Reader Hurtigstart" -> shortcut to: "C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll ["Panda Software "], 01 - 03, 17

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar2.dll" ["Google Inc."]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar2.dll" ["Google Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Canon\Easy-WebPrint\Toolband.dll" [null data]


"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar2.dll" ["Google Inc."]


Explorer Bars


HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{A1A7E22D-1587-4230-8F16-081C68D21448}\ = "Szybkie dostosowywanie programu Outpost Firewall Pro" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "blank" [file not found]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Programmer\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

: ÿþ[V e r s i o n] 


: S i g n a t u r e = " $ C H I C A G O $ " 


: A d v a n c e d I N F = 2 . 5 , " Y o u n e e d a n e w v e r s i o n o f a d v p a c k . d l l " 


:  


: [R e s t o r e H o m e P a g e] 


: A d d R e g = R e s t o r e H o m e P a g e . r e g 


:  


: [R e s t o r e B r o w s e r S e t t i n g s] 


: A d d R e g = R e s t o r e B r o w s e r S e t t i n g s . r e g 


: D e l R e g = D e l e t e T e m p l a t e s . r e g , D e l e t e A u t o s e a r c h . r e g 


:  


: [R e s t o r e H o m e P a g e . r e g] 


: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S t a r t P a g e " , 0 , % S T A R T _ P A G E _ U R L % 


:  


: [R e s t o r e B r o w s e r S e t t i n g s . r e g] 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ P a g e _ U R L " , 0 , % S T A R T _ P A G E _ U R L % 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ S e a r c h _ U R L " , 0 , % S E A R C H _ P A G E _ U R L % 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L % 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 1 " , 0 , " w w w . % s . c o m " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 2 " , 0 , " w w w . % s . o r g " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 3 " , 0 , " w w w . % s . n e t " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 4 " , 0 , " w w w . % s . e d u " 


: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L % 


:  


: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t 


: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ S e a r c h U r l " , " P r o v i d e r " , 0 , " " 


:  


: t m " 


: t m " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s \ S a f e S i t e s " , % S A F E S I T E _ V A L U E % , 0 , " h t t p : / / i e . s e a r c h . m s n . c o m / * " 


:  


: [D e l e t e T e m p l a t e s . r e g] 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 5 " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 6 " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 7 " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 8 " 


: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 9 " 


:  


: [D e l e t e A u t o s e a r c h . r e g] 


: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t 


: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " A u t o S e a r c h " 


:  


: [S t r i n g s] 


: S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e " 


: S E A R C H _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & a r = i e s e a r c h " 


: S A F E S I T E _ V A L U E = " i e . s e a r c h . m s n . c o m " 


:  


: ; I M P O R T A N T N O T E : 


: ; I E b r a n d i n g d l l ( i e d k c s 3 2 . d l l ) u s e s t h e f o l l o w i n g e n t r i e s t o r e s t o r e t h e d e f a u l t M S v a l u e s . 


: ; I n t h e v a n i l l a v e r s i o n o f I E , t h e v a l u e s m u s t b e t h e s a m e a s t h e i r c o r r e s p o n d i n g n o n M S _ * v a l u e s . 


: ; F o r e x a m p l e , S T A R T _ P A G E _ U R L a n d M S _ S T A R T _ P A G E _ U R L m u s t h a v e t h e s a m e U R L i n t h e I E v e r s i o n r e l e a s e d b y M S . 


: M S _ S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e " 


:  


Missing lines (compared with English-language version):

[Version]: 2 lines

[RestoreHomePage]: 1 line

[RestoreHomePage.reg]: 1 line

[RestoreBrowserSettings.reg]: 12 lines

[DeleteTemplates.reg]: 5 lines

[DeleteAutosearch.reg]: 1 line

[Strings]: 1 line

[RestoreBrowserSettings]: 2 lines

[Strings]: 3 lines



HOSTS file

----------


HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]

C-DillaSrv, C-DillaSrv, "C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]

Panda anti-virus service, PAVSRV, ""C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe"" ["Panda Software International"]

Panda Function Service, PAVFNSVR, ""C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"" ["Panda Software"]

Panda IManager Service, PSIMSVC, ""C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe"" ["Panda Software Internacional"]

Panda Network Manager, PNMSRV, ""c:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE"" ["Panda Software"]

Panda Process Protection Service, PavPrSrv, ""C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]

Panda TPSrv, TPSrv, ""C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe"" ["Panda Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor MP760\Driver = "CNMLM6h.DLL" ["CANON INC."]

Canon BJ Language Monitor PIXMA iP3000\Driver = "CNMLM61.DLL" ["CANON INC."]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 73 seconds, including 10 seconds for message boxes)

(Gutek) #2

A co się dzieje? Są jakieś konkretne objawy, czy chodzi tylko o sam wygląd loga?


(Ninia27) #3

Jak na razie nic, ale ten log jest jakiś dziwny (ostrzeżenia „INFECTION WARNING!” / „HIJACK WARNING!” i rozstrzelone litery w sekcji IERESET.INF).


(Gutek) #4

Ja się nad tymi wpisami zastanawiałem — po czym i od czego zostały te klucze? Osierocone handlery „Arcsoft” i „ASW” (InProcServer32 = blank, [file not found]) wyglądają na resztki po odinstalowanym oprogramowaniu, może od aparatu (ArcSoft)? Same w sobie nic nie uruchomią, bo wskazywany plik nie istnieje. Dwa „INFECTION WARNING!” w Winlogon\Notify sam log przypisuje Pandzie (avldr.dll) i AMUST (RegCompact.dll) — Silent Runners wygląda na to, że tak oznacza każdy niestandardowy wpis w tym kluczu, więc to raczej fałszywe alarmy, ale warto sprawdzić, czy te DLL-e w system32 są faktycznie podpisane przez tych producentów, bo ten klucz ładuje kod w kontekście winlogon. Sekcja IERESET.INF z rozstrzelonymi literami to po prostu plik w UTF-16 (znacznik „ÿþ” na początku) czytany jako ANSI — widoczna treść to standardowe wpisy resetu IE wskazujące na microsoft.com, nie hijack. „HIJACK WARNING!” przy DataBasePath pokazuje domyślną ścieżkę %SystemRoot%\System32\drivers\etc, więc skoro ścieżka jest standardowa, najprościej otworzyć sam plik HOSTS i sprawdzić, czy poza „127.0.0.1 localhost” nic tam nie ma.

i zrób tak — otwórz Notatnik i wklej:

[UWAGA: w tym poście brakuje treści, która ma trafić do FIX.REG — nie twórz i nie uruchamiaj pliku .reg, dopóki nie widzisz dokładnie, jakie klucze ma dodać lub usunąć]

Plik >>> Zapisz jako >>> zmień typ z TXT na „Wszystkie pliki” >>> zapisz pod nazwą FIX.REG >>> kliknij dwukrotnie utworzony plik i potwierdź >>> reset kompa. Przed scaleniem wyeksportuj w regedit (Plik > Eksportuj) klucze, których plik dotyczy, żeby móc cofnąć zmiany — scalenie .reg to bezpośrednia modyfikacja rejestru bez dodatkowego pytania o poszczególne wpisy.